ietf-dkim

Re: [ietf-dkim] MLMs and the use of multipart/alternative to preserve original DKIM signature and at the same time add a new DKIM signature

2010-08-03 11:56:30
On 08/03/2010 09:40 AM, Murray S. Kucherawy wrote:
> > -----Original Message-----
> > From: Michael Thomas [mailto:mike(_at_)mtcc(_dot_)com]
> > Sent: Tuesday, August 03, 2010 9:21 AM
> > To: Murray S. Kucherawy
> > Cc: Rolf E. Sonneveld; ietf-dkim(_at_)mipassoc(_dot_)org
> > Subject: Re: [ietf-dkim] MLMs and the use of multipart/alternative to
> > preserve original DKIM signature and at the same time add a new DKIM
> > signature
> >
> > > But didn't we also say that such reverified signatures don't get any
> > > additional meaning with 'z=' reprocessing?
> >
> > Sorry, I don't understand.
>
> I guess I don't either. You're saying use of "l=" and "z=" got your
> mail-through-lists signature verification statistics up to 95%. However,
> RFC4871 says "Copied header field values are for diagnostic use" which I
> interpret to mean (and I think discussion on the list back then also agreed)
> that the information in a "z=" tag isn't supposed to contribute to the
> canonicalization algorithms, but instead can only be used for diagnostic
> purposes (i.e., "This signature failed, and via the 'z=' we know why... but
> it still failed.").

Yeah, well, sue me for flipping that MUST NOT the bird. It works, z= is signed
by the originator, and it's probably as high a recovery rate that you'll ever
get going through mailing lists. We weren't proposing that it be part of any
standard, and our reasons had nothing to do with ADSP either. All I'm saying is
that if you want mailing list signature recovery, we've already done that and
wrung out about as much as can be hoped for.

As I asked earlier, what is the purpose of this anyway? We were doing it to
deal with spear-phishing attacks. Maybe I've missed the motivation for the
mime thingy.

Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
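
The diagnostic use of "z=" that the quoted RFC4871 sentence describes, as an added example that is not part of the original message: it decodes the copied header fields and reports which ones differ from the message as received, without touching the verification result. The signature value, addresses and header contents are constructed, and the function names are hypothetical.

```python
import re

def parse_tags(sig_value):
    """Split a DKIM-Signature value into tag=value pairs (';' inside z= is =3B)."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def dkim_qp_decode(text):
    """Decode dkim-quoted-printable: drop folding whitespace, expand =XX octets."""
    text = re.sub(r"\s+", "", text)
    # Decoded octets are mapped one-to-one to characters (Latin-1 view).
    return re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def copied_headers(sig_value):
    """Return {lowercased name: value} from the z= tag, empty if z= is absent."""
    copied = {}
    z = parse_tags(sig_value).get("z", "")
    for field in filter(None, z.split("|")):
        name, _, value = field.partition(":")
        copied[name.strip().lower()] = dkim_qp_decode(value).strip()
    return copied

def diagnose(sig_value, received):
    """List (name, value_at_signing, value_received) for headers that changed.

    Diagnostic only: the result explains a failure, it never turns it into a pass.
    """
    changes = []
    for name, signed in copied_headers(sig_value).items():
        now = received.get(name)
        if now is None:
            changes.append((name, signed, None))
        elif " ".join(now.split()) != " ".join(signed.split()):
            changes.append((name, signed, now))
    return changes

# Constructed sample: a list manager has prefixed the Subject with a tag.
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to:subject; "
              "z=From:alice@example.com|To:list@example.org|"
              "Subject:Quarterly=20report; bh=CONSTRUCTED; b=CONSTRUCTED")
SAMPLE_RECEIVED = {"from": "alice@example.com", "to": "list@example.org",
                   "subject": "[list] Quarterly report"}

if __name__ == "__main__":
    for name, signed, now in diagnose(SAMPLE_SIG, SAMPLE_RECEIVED):
        print(f"{name}: signed {signed!r}, received {now!r}")
```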
