Murray S. Kucherawy wrote:
Current implementations, especially the two library ones that
are referenced most often in here, haven't the functionality to
cause header fields to be removed, prefixed, reordered, modified,
etc. This change would require them to be overhauled to extend
their reach into what the MTA can do. That expansion of scope
of "DKIM process" to me requires a recycle at Proposed Standard.
What started all this is one of these API dealing with it with the
verification and I pointing this out. However, we did not know why it
did this and we later found out.
Their solution was only on the verification side with an added
requirement that all 5322.From be signed - the default behavior.
So any belated injection of a 5322.From header would invalidate the
signature which I believe will cover the majority of the loophole.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html