On May 22, 2009, at 1:00 PM, J.D. Falk wrote:
Doug Otis wrote:
Providers insert ads into the messages. Who is user be required to
trust, and how will they know who generated the link? It is not
uncommon to find providers, in pursuit of revenue, post ads
referencing websites that become compromised due to lax security
and end up containing IFRAMEs that load malware.
Sounds like an argument /against/ allowing part of a message to be
signed, and part not.
By having a body length parameter as part of the DKIM protocol,
whenever offered by the signer, users can employ MUAs that properly
indicate which portions of a message originated by the signer, and
which did not. This might be done by distinctively enclosing the
included portions. Often appended comments mess up page formatting
whenever lines extend beyond the edge of a page. Don't you hate
that? Currently, use of RFC 5451 allows providers to include anything
they wish, while still purporting the entire message to have been
originated by the signer. This is wrong, regardless of any number of
providers demanding MTA that offer such a dubious feature. :^(
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html