ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] detecting header mutations after signing

2010-10-08 01:16:49
A) You have to sign either all occurences of a header or none of them, ...

B) Same as A, but limited to an enumerated set of headers that are 
supposed to occur only once.

c) Same as B, but tell signers to use the h= trick to make verification 
fail if extra headers show up.

Realistically useful advice probably has to influence rendering of
messages. That might mean MUA participation or it might mean mailstore
participation that removes all (typically) rendered headers that are
unsigned.

Gosh, I hope not.  I'd like DKIM to be sturdy enough that I can trust
stuff signed by people I know and not have to backstop it by tricks
elsewhere to defend against malicious changes that DKIM didn't notice.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>