ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Why mailing lists should strip DKIM signatures

2010-04-26 09:03:20
I'm willing to accept a signature with l= so long as it covers the
entire message.  I agree that partial coverage is not practically
distinguished from no coverage.

I note you refer to /current/ --rather than possible or commendable-- 
practice

Sorry, I don't understand what you're trying to say.

Partial body coverage allows all sorts of sneaky tricks that make the
body presented to the user completely different from that the sender
signed.  l=0 screams "phish me", attach a fake body to a genuine
signed set of headers.

We hashed all this out in excruciating detail on this list a year or
two ago, so please review the archives.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>