ietf-dkim

Re: [ietf-dkim] If DKIM would ignore [] at the beginning of the subject line

2011-03-31 06:33:32

On 31 Mar 2011, at 03:16, Franck Martin wrote:

> Silly question (?):
>
> Knowing that many mailing lists add [topic] at the beginning of the Subject
> line, what if DKIM was set to ignore that part when signing/verifying?

That's an implementation issue for verifiers, isn't it? If an RFC were to say 
anything at all, it might say that mailing lists will often break header 
signatures by prefixing the subject line. If a verifier finds a [] prefix and 
broken signature, it might like to try verifying a signature formed without 
that part of the subject line. It might also want to limit the number of 
characters in the prefix. And, it might like to keep track of prefixes used 
with specific List-ID headers, to spot attempts to abuse this flexibility.

I suppose some guidance as to what might be acceptable in the prefix might be 
warranted. You could, for example, restrict it to substrings of the (also 
signed) List-ID header. That would severely limit replay attacks.  

Anyway, the list should be signing messages after adding subject line prefixes, 
and after adding body footers. It's the list's signature, and the list's 
reputation that need to be assessed by the recipient. There are many other 
modifications that a list might make (like stripping attachments, body 
prefixes, and so on) that would make l= useless.

> Would it help to solve the problem of broken signature thru mailing lists?
>
> I realize the issue would be to also detect the added footer, but if I recall
> you can specify in DKIM to sign only a certain length of the body and not the
> whole body.
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
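
The verifier-side fallback described in the message above, as an added example that is not part of the original post or of any DKIM implementation: retry once without the `[tag]` prefix, but only when the prefix is short and its tag is a substring of the List-ID. The `verify` callable is a hypothetical stand-in for a real DKIM check, and the 32-character cap and sample headers are constructed.

```python
import hashlib
import re

MAX_PREFIX_LEN = 32  # assumed cap on the bracketed prefix, brackets included

# A leading "[tag]" followed by optional whitespace.
_PREFIX = re.compile(r"^\s*(\[([^\[\]]+)\])\s*")


def strip_list_prefix(subject, list_id, max_len=MAX_PREFIX_LEN):
    """Return the subject without its [tag] prefix, or None if not acceptable.

    The tag is accepted only if it is short and is a substring of List-ID.
    """
    m = _PREFIX.match(subject)
    if not m or not list_id:
        return None
    bracketed, tag = m.group(1), m.group(2).strip()
    if len(bracketed) > max_len or not tag:
        return None
    if tag.lower() not in list_id.lower():
        return None
    return subject[m.end():]


def verify_with_fallback(headers, verify):
    """Try the message as received, then once more without the list prefix.

    Returns "pass", "pass-prefix-stripped" or "fail".
    """
    if verify(headers):
        return "pass"
    stripped = strip_list_prefix(headers.get("Subject", ""),
                                 headers.get("List-ID", ""))
    if stripped is not None and verify({**headers, "Subject": stripped}):
        return "pass-prefix-stripped"
    return "fail"


# Constructed stand-in for a real DKIM verifier: compares a digest of the
# Subject with the digest of the subject the (constructed) author signed.
def make_stub_verifier(signed_subject):
    want = hashlib.sha256(signed_subject.encode()).hexdigest()
    return lambda h: hashlib.sha256(h.get("Subject", "").encode()).hexdigest() == want


# Constructed sample headers as they might look after list processing.
SAMPLE = {"Subject": "[ietf-dkim] Silly question",
          "List-ID": "DKIM discussion <ietf-dkim.example.org>"}
```

Reporting the prefix-stripped case as a distinct result lets the receiver log which prefixes appear with which List-ID, the tracking the message suggests for spotting abuse.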


