On 29/Apr/10 01:12, SM wrote:
The diversity
of the email environment is such that you cannot come up with a
"mellowed" canonicalization to cope with every possible change.
Yet, it would seem that by, say, hashing just invariants of binary
representations of the first entity, e.g. discarding its white space
and punctuation, one may reach very high percentages of unbroken
retransmission.
Replay attacks? Spam is also happening. As an email user, I'm not
overly worried about spoofed signatures: They are not legally binding,
and I trust human recipients are able to distinguish fake messages in
case they occur. I'm not easing spammers' job by signing mail, even
though I'd use weaker signatures for increased resiliency. In facts,
the backscatter I get is not signed.
I would be concerned if my DKIM signatures are re-purposed. Once
that gets done, my DKIM signature is of no value except for you to
direct my messages to the bit bucket.
That would be a rather broken reputation system, if re-purposing
signatures can stagger it. Such game can be played with strongly
signed messages as well: Messages on this list could be used to wreck
mipassoc's reputation by massively resending them to general public,
many of whom would report them as spam.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html