On Jan 24, 2006, at 10:45 AM, John Levine wrote:
>> The mutations made by a list can be removed with a small effort.
>
> Sorry, Doug, but that's simply not true. Visit Yahoo Groups, the
> largest list host in the world, for a few minutes, and come back
> and tell us how they would do it. Don't forget that their business
> model involves putting little tags with advertisements at the end
> of the messages, and many if not most of their messages are HTML
> coded.
>
> Tony encapsulated the only sensible model: you break it, you sign it.

I agree with this however...
I was commenting upon the idea that valid signatures, although
mutated by a list-server, can be recovered with some effort _by the
bad actors_. They of course would send messages that would undergo
only minor transformations. The goal would be to recover the message
and restore functionality of the signature in order to stage replay
attacks, taking advantage of the originating domain's reputation.
(Soon lost as a result of the signature leak.)
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org