On October 19, 2005 at 14:43, Michael Thomas wrote:
Er, um, oh bother. The point being that currrently mail is not signed
yet we somehow limp on without stripping "extra" content.
But DKIM adds a new dynamic and semantics.
As has been argued (successfully) on these lists is that an attacker
can add contact that does not invalidate a DKIM signature but change
the rendered contents of the message to the recipient.
If the l= tag is used, it is not sufficient to just indicate
"pass". If pass, all content after l= needs to be stripped, unless
MUAs know how to do DKIM verification directly and can render the
validated portion separately from the extra content.
--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org