On Thu, Mar 16, 2006 at 10:12:34AM -0600, Arvel Hathcock allegedly wrote:
Every piece of mail I've sent this morning has validated. Really.
That's because it was all Re: and already had the subject line tag.
It's your lucky day.
I'm not sure that's correct. The l= in Mike's signatures takes care of
the bits appended by the list to the end. The z= subject value can be
used by verifiers to take care of the subject munging this list
performs. The verifier then simply replaces the subject text with the
value from z= that was signed. That's one way of solving the mailing
list subject munging problem.
And there-in lies dragons methinks. Do you physically replace the
Subject: so that the final recipient gets the pre-list content or do
you logically replace it for the purposes of verifying?
If the former, you'll likely irritate exactly 50% of the planet that
wants that extra goop, and, you've precluded the possibility of a
smart UA doing that selectively on a per-user basis.
If the latter, then the vector is open for abuse and you'll have to
hope for wide deployment of smart UAs to protect users from this risk.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html