ietf-dkim

Re: [ietf-dkim] MLMs and the use of multipart/alternative to preserve original DKIM signature and at the same time add a new DKIM signature

2010-08-03 13:01:51
On 08/03/2010 10:34 AM, Rolf E. Sonneveld wrote:

<quote>
Changes that merely add new header fields, such as those specified by
[LIST-ID], [LIST-URLS] and [MAIL] are generally the most friendly to
a DKIM-participating email infrastructure in that their addition by
an MLM will not affect any existing DKIM signatures unless those
fields were already present and covered by a signature’s hash or a
signature was created specifically to disallow their addition (see
the note about "h=" in Section 3.5 of [DKIM]). The shortest path to
success for DKIM would be to mandate that all MLM software be redesigned
or re-configured with that goal in mind.

However, the practice of applying headers and footers to message
bodies is common and not expected to fade regardless of what
documents this or any standards body might produce. This sort of
change will invalidate the signature on a message where the body hash
covers the entire message. Thus, the following sections also
investigate and recommend other processing alternatives.

</quote>

That's not really answering my question, unfortunately. I'm asking
what you intend to use the original signature's verification status
for with the knowledge that you will have a non-zero false positive
rate. We did our experiment with spear-phishing in mind: i.e., can we
tag mail purporting to originate from us with a bad/missing signature
with an acceptable false positive rate. It was pretty close. I don't
know what problem your proposal is intending to solve.

Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
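
The draft text quoted in the message above distinguishes three cases: an added header field not named in "h=", an added field that the signer did name in "h=", and a footer appended to the body. The following sketch is an added illustration, not part of the original message or of any DKIM implementation; the sample message and the MLM changes are constructed, and the DKIM-Signature field itself and the RSA step are left out.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":   # empty lines at the end of the body are ignored
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """bh= value for a sha256 signature using relaxed body canonicalization."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def signed_header_data(headers, h_tag: str) -> bytes:
    """Header fields fed to the signature hash, in h= order (RFC 6376 section 5.4.2).

    Instances of a name are taken from the bottom of the header block upwards.
    A name in h= with no instance left contributes nothing, which is why
    listing an absent field makes its later addition break the signature.
    """
    remaining = list(headers)
    out = []
    for name in h_tag.lower().split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.strip():
                field, value = remaining.pop(i)
                # relaxed header canonicalization: lowercase name, single spaces
                out.append(f"{field.lower()}:{' '.join(value.split())}\r\n")
                break
    return "".join(out).encode()

# Constructed sample message, and a constructed copy as a list manager might resend it.
ORIG_HEADERS = [("From", "alice@example.org"), ("To", "list@example.net"),
                ("Subject", "Hello")]
ORIG_BODY = b"Hi all,\r\n\r\nSee you Tuesday.\r\n"
MLM_HEADERS = [("List-Id", "<list.example.net>")] + ORIG_HEADERS
MLM_BODY = ORIG_BODY + b"-- \r\nexample list footer\r\n"

if __name__ == "__main__":
    for h in ("from:to:subject", "from:to:subject:list-id"):
        same = signed_header_data(ORIG_HEADERS, h) == signed_header_data(MLM_HEADERS, h)
        print(f"h={h}: header hash input unchanged by List-Id: {same}")
    print("bh unchanged by footer:", body_hash(ORIG_BODY) == body_hash(MLM_BODY))
```
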
