(Sorry if what I say has been said, catching up on list mail)
On January 18, 2006 at 16:53, Eliot Lear wrote:
* Some guidance will need to be given about protection of the
"Subject:", "Sender:", and any other headers that are protected.
This goes beyond mailing list maintainers. If the signing domain
protects either, then the mailing list system should be reticent
to make changes. But should the signing domain sign these things
in the first place?
Mutation of header fields can be dealt with if the signer is able
to save the contents of the fields it signs, and those saved versions
are what is used during verification. Verifiers can then restore
the save versions if verification passes. Currently, DKIM does not
support this, and the saving capibility is limited.
You do get into problems if multiple signatures exist where a
given header field is different for each saved version for each signature.
Such descrepencies could be dealt with if role information is provided.
--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org