From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jeff Macdonald
Sent: Wednesday, October 13, 2010 3:59 PM
Subject: Re: [ietf-dkim] detecting header mutations after signing
On Wed, Oct 13, 2010 at 2:47 PM, Scott Kitterman
On Wednesday, October 13, 2010 02:27:29 pm Jeff Macdonald wrote:
And even if there was a DKIM signature, it is the BAD GUY'S signature,
which should cause it to go into the SPAM folder, with a large
No. That misses the point entirely. The problem here is that one can
DKIM signed message that is signed by any entity and add additional
From/Subjects and the message may still appear to be the one signed by
original entity even though it's been modified post-signature.
Right. I had understood that and then forgot.
If DKIM is just viewed as providing an identifier and nothing more,
then this is a MUA problem.
What is the value of "an identifier" vs "a stable identifier"? IF all you are
willing to say about "an identifier" is yep, that's mine and nothing else, what
is the value to an evaluator if the message body and various headers can be
modified? I've always viewed DKIM as weak rather than strong but this reduces
it to the edge of meaningless.
If DKIM is viewed as providing more than an identifier, then this is a
This moves us in the direction of what is the use case for the identifier. I've
said for a long time (from a phishing perspective) that if we let "bad" stuff
(from a brand perspective) get to the enduser then it is game over (and yes, I
realize that perfection is not necessarily achievable). This is why I am
focused on the MTA rather than the MUA.
Having said that, if an MUA is going to present an indication of "DKIM PASS" to
the enduser, then a reasonable person would expect some relationship between
what is "passed" and what is presented to the enduser.
I understand the issues raised by Murray about the slippery slope. On the other
hand, I would rather see an MUA present nothing about DKIM than give a false
impression to endusers.
NOTE WELL: This list operates according to