-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Ian Eiloart
Sent: Thursday, September 16, 2010 3:20 AM
To: Hector Santos; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] draft-vesely-dkim-joint-sigs
I don't think so. The original signature should only sign the DKIM-
required
and From headers, and perhaps enough other headers to reduce utility of
replay attacks. Importantly, they should only sign parts that are
likely to
be unbroken by the MLM, thus satisfying ADSP requirements. However, the
recipient knows that a valid signature from the MLM is required, too.
Thus,
the original DKIM signature is only valid for messages going through
the
list - off list replay isn't possible. On-list replay can be limited by
ALSO including a full DKIM signature, for the list to check before
redistributing.
I'm worried about that third sentence. If people are encouraged not to sign
Subject:, for example, which is a popular display header field, one could
spamify that field and re-send the message.
If you subscribe to the idea that a DKIM signature reflects a domain taking
some responsibility for a message, I'd have a hard time not signing Subject:
(or From:) for any reason.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html