On May 20, 2009, at 3:57 PM, Michael Thomas wrote:
Steve Atkins wrote:
Remember that we're considering the content of the message as
displayed to the end user here,
No we're not. That has never been in the scope of the DKIM effort.
Even if it weren't section 8.1 of the existing RFC, it's pretty
obvious that a security issue that allows an attacker to create a
validly signed email with their own content without access to the
associated private key would be in scope for discussion.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html