On Sun, 03 Oct 2010 07:13:55 +0100, Michael Deutschmann
<michael(_at_)talamasca(_dot_)ocis(_dot_)net> wrote:
And there's the rub. The problem is that a major threat we anticipate,
is that should a means be added to append a footer without breaking the
signature, bad guys will find short legitimate messages and replay them
with a footer containing spam.
I would suppose that an added footer will usually take the form of an
extra part with Disposition: inline in a multipart/mixed. Insofar as this
is not the current convention it ought to be (if only so that users can
filter out those annoying footers).
In that case, the clean solution, in lieu of the little-used 'l=...',
would be to have some mechanism for speciffying exactly which
parts/atachments of a messsage had been included in the signature.
Whether it is now too late to add such a fundamental enhancement to DKIM
is an interesting question, even though it might enable various useful
possibilities. But at least it ought to be looked into.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html