On Thu, 19 Jun 2008 01:56:43 +0100, Hector Santos
<hsantos(_at_)santronics(_dot_)com>
wrote:
Why? Why put further confusion and ambiguity on receivers? Why further
perpetuate a continued recognition of a lower payoff in DKIM analysis?
Why make the life the support people or whoever trying to make heads or
tails if a header was indeed part of the original hashing and integrity
expected to be maintain? I can see it now - we will never know if a
SUBJECT or TO (which is not required by 2822) was part of the message or
not even if h= says there *might* be a header. IMV, domains will be
stupid to risk playing games that only adds confusion with an already
complicated concept - a strategy you should expect to see from DKIM
exploiters.
Eh? If a message genuinely had no Subject header, but 'subject' was
included in the "h=" tag, then that does not mean there "might be a
Subject header". It means there was NOT a Subject header when it was
signed, and if one gets added en route the verifier will report a DKIM
falure, and rightly so. That would be DKIM working exactly as intended.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html