On May 20, 2009, at 4:31 PM, Michael Thomas wrote:
Steve Atkins wrote:
On May 20, 2009, at 3:57 PM, Michael Thomas wrote:
Steve Atkins wrote:
Remember that we're considering the content of the message as    
displayed to the end user here,
No we're not. That has never been in the scope of the DKIM effort.
Even if it weren't section 8.1 of the existing RFC, it's pretty   
obvious that a security issue that allows an attacker to create a   
validly signed email with their own content without access to the   
associated private key would be in scope for discussion.
 They cannot alter the signed text.
They can't alter the signed *bytes*. They *can* alter the signed text.  
That's the crux of the issue.
That's all DKIM guarantees. It's
not in DKIM's scope to tell mail receivers what to do with the
message, signed text or otherwise. Stupid receivers are free as always
to do stupid things. Smart receivers are free as always to do smart
things. As it ever was.
Sure. The question is whether we want to have the spec encourage smart  
behavior or encourage stupid behavior.
The existence of l= certainly allows stupid behavior, and probably  
encourages it.
Cheers,
   Steve
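
Added example, not part of the original thread: a receiver-side check of how much of a message body an l= signature actually covers, which is the gap between signed bytes and displayed text argued over above. It checks only the bh= body hash under simple canonicalization (the b= signature check is omitted), and the header value, domain, selector and bodies are constructed.

```python
import base64
import hashlib

def canon_simple(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: one CRLF at the end, no empty trailing lines."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def parse_tags(sig: str) -> dict:
    """Split a DKIM-Signature header value into tag=value pairs."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return tags

def body_hash(body: bytes, length=None) -> str:
    """bh= value: SHA-256 over the canonical body, truncated to l= bytes if given."""
    data = canon_simple(body)
    return base64.b64encode(hashlib.sha256(data[:length]).digest()).decode()

def audit_body(sig: str, body: bytes) -> dict:
    """Report whether bh= matches and how many body bytes fall outside l=."""
    tags = parse_tags(sig)
    length = int(tags["l"]) if "l" in tags else None
    canon = canon_simple(body)
    unsigned = 0 if length is None else max(len(canon) - length, 0)
    return {
        "bh_ok": body_hash(body, length) == tags["bh"],
        "unsigned_bytes": unsigned,
        "fully_covered": unsigned == 0,
    }

# Constructed sample data; b= is a placeholder because only bh= is checked here.
SIGNED = b"Your invoice is attached.\r\n"
TAIL = b"(constructed text the signer never saw)\r\n"
SIG = (f"v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel; "
       f"l={len(SIGNED)}; bh={body_hash(SIGNED)}; b=PLACEHOLDER")

if __name__ == "__main__":
    print(audit_body(SIG, SIGNED))         # body exactly as signed
    print(audit_body(SIG, SIGNED + TAIL))  # same signed bytes, extra trailing bytes
```

In the second case the body hash still matches while `unsigned_bytes` is non-zero, so a receiver that wants to act on the signature can use that count to treat the trailing bytes as unsigned.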