Barry Leiba wrote:
Just on one portion, here:
On Thu, May 28, 2009 at 3:30 PM, Doug
Otis<doug(_dot_)mtview(_at_)gmail(_dot_)com> wrote:
Some systems handle message attachments separately, and at times may exclude
attachments. Eventually, a practice similar to DKIM should be established
to separately encapsulate attachments. Once such a convention exists,
separating message attachment hashes will better ensure textual portions of
a message can be handled independently from that of message attachments.
Hm.
I should think that the DKIM way to handle the removal of attachments
would be for the agent that remove the attachments to re-sign the
message after it does so.
Agreed. No matter which MIME part was affected, it's still a modification
of the original message and thus invalidates the assertions inherent in the
original signature.
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html