ietf-dkim

Re: [ietf-dkim] Features that could be reconsidered as part of the bis process

2009-05-21 09:25:51
On 5/20/09 11:42 PM, Murray S. Kucherawy wrote:
> Indeed, Outlook will opt to render an HTML part over a text part whenever
> given the choice.  Thus, if you sign only the text/plain portion of a
> message and an attacker appends a text/html part, the unsigned HTML
> version will be rendered even if completely different from the text/plain
> part, and DKIM would give that a thumbs-up.

The condition anticipated by l= was the limited case where a mailing 
list would append bits of information, such that the rest of the 
signature could be retained.  As John has pointed out, that is 
challenging because of all of the rewriting that goes on.  So I think we 
need to back up and decide whether it's worth arguing over whether a 
behavior change in the base is something we want to encourage.  I don't 
have an opinion on that at the moment.

Eliot
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
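
A receiver-side check for the l= behaviour discussed in this message, as an added example that is not part of the thread or of any DKIM implementation: it reports the octets of a canonicalized body that lie beyond the signed length, so a verifier or filter can treat that tail as unauthenticated. The function names and the abbreviated sample signature and body are constructed for illustration.

```python
import re

def parse_tags(sig_value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for item in sig_value.split(";"):
        name, sep, value = item.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def canonicalize_body(body: bytes, mode: str) -> bytes:
    """DKIM body canonicalization, 'simple' or 'relaxed'; l= counts these octets."""
    if mode == "relaxed":
        body = re.sub(rb"[ \t]+(?=\r\n|\Z)", b"", body)  # strip WSP at line ends
        body = re.sub(rb"[ \t]+", b" ", body)            # collapse WSP runs
    body = re.sub(rb"(?:\r\n)+\Z", b"", body)            # drop trailing empty lines
    if body:
        return body + b"\r\n"
    return b"\r\n" if mode == "simple" else b""

def unsigned_tail(sig_value: str, body: bytes) -> bytes:
    """Return the canonicalized body octets that the signature does not cover."""
    tags = parse_tags(sig_value)
    if "l" not in tags:
        return b""  # without l= the body hash covers the whole body
    _, _, body_mode = tags.get("c", "simple/simple").partition("/")
    canon = canonicalize_body(body, body_mode or "simple")
    signed_len = int(tags["l"])
    if signed_len > len(canon):
        raise ValueError("l= exceeds canonicalized body length")
    return canon[signed_len:]

# Constructed sample: a signed text followed by content added after signing.
SIGNED = b"Meeting moved to 10:00.\r\n"
APPENDED = b"-- \r\nconstructed list footer\r\n"
SAMPLE_SIG = f"v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel; l={len(SIGNED)}"

if __name__ == "__main__":
    tail = unsigned_tail(SAMPLE_SIG, SIGNED + APPENDED)
    print(f"{len(tail)} unsigned octets after the signed body: {tail!r}")
```

A non-empty result means the signature verifies regardless of what those octets contain, which is the case where the rendered content and the signed content can differ.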
