On Thu, 14 Oct 2010 18:30:38 +0100, Murray S. Kucherawy
<msk(_at_)cloudmark(_dot_)com> wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John R.
Levine
Sent: Thursday, October 14, 2010 10:15 AM
To: DKIM List
Subject: Re: [ietf-dkim] layer violations, was detecting header
mutations after signing
Am I really the only person who wants to be able to whitelist mail
signed
with known good signatures, drop it into user inboxes and expect
reasonable results with existing MUAs?
Not only do I want that, I did that. But the DKIM/ADSP module of that
system is purely DKIM/ADSP. The module that sits between the MTA and
the DKIM/ADSP module does the header count enforcement we're talking
about, knowing there's the potential for invalid mush in there.
Which module does which bit of the counting/DKIM/ADSP is a minor
implemention detail. Any DKIM verifier MUST be associated with a counting
mechanism, and whether this is done within itself or by some other module
within the overall MTA is neither here nor there.
And ADSP also needs to make it clear which From header it needs to look
at; and until that is fixed we MUST assume that it will look at whichever
From header gives the worst outcome.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html