On Wed, 18 Jun 2008, ietf-dkim-request(_at_)mipassoc(_dot_)org wrote:
[ not about ADSP, about DKIM ]

An acquaintance points out that one could prepend an extra From: or
Subject: header to a DKIM signed message, which wouldn't break the
signature, but would often be displayed by MUAs which show the new one
rather than the old one. Needless to say, that weakens the practical
benefit of DKIM for people with MUAs like that.

It could break the signature. Presumably the original message signed the
first From: header field. Depending on the placement of the new one, the
verifier might use the new one or might use the old one. That will affect
the validation process.

My theory is that DKIM only applies to valid 2822 messages, and it's not
a substitute for a sanity check for all the screwy things one can send
in a non-conformant message. Perhaps it would be a good idea someday to
collect experience and advice into an implementation guide, but other
than that, it's not our problem. Agreed?

+1, and I would go even further to say that we should have an errata item
against RFC4871 which says we should add that DKIM presumes a
properly-formed RFC2822-style message, and that its application to other
messages produces undefined results.
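
A sanity check of the kind the thread refers to, as an added example that is not part of the original messages: it flags header fields that RFC 2822 section 3.6 limits to one occurrence but that appear more than once, and records whether a DKIM-Signature h= tag lists them. The function names, the sample message and its example.com addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Header fields that RFC 2822 section 3.6 allows at most once per message.
SINGLETONS = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
              "message-id", "in-reply-to", "references", "subject"}

def signed_fields(msg):
    """Lower-cased field names listed in the h= tag of any DKIM-Signature."""
    names = set()
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*h\s*=([^;]*)", sig)
        if m:
            names.update(n.strip().lower()
                         for n in m.group(1).split(":") if n.strip())
    return names

def duplicate_singletons(raw):
    """Return {field: {"values": [top to bottom], "signed": bool}} for each
    singleton field that occurs more than once in the raw message."""
    msg = message_from_string(raw)
    signed = signed_fields(msg)
    report = {}
    for name in sorted(SINGLETONS):
        values = msg.get_all(name, [])
        if len(values) > 1:
            report[name] = {"values": [" ".join(v.split()) for v in values],
                            "signed": name in signed}
    return report

# Constructed sample: a signed message with a second From: added on top.
SAMPLE = (
    "From: Security Team <alerts@other.example>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
    "\th=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice <alice@example.com>\n"
    "To: Bob <bob@example.net>\n"
    "Subject: Quarterly report\n"
    "Date: Wed, 18 Jun 2008 10:00:00 -0400\n"
    "\n"
    "Body text.\n"
)

if __name__ == "__main__":
    for field, info in duplicate_singletons(SAMPLE).items():
        print(f"non-conformant: {len(info['values'])} x {field}, "
              f"listed in h=: {info['signed']}, values: {info['values']}")
```

A message for which `duplicate_singletons` returns a non-empty report is not a well-formed RFC 2822 message, so a receiver can reject or quarantine it instead of relying on the DKIM result.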