On 29/Apr/11 19:56, Dave CROCKER wrote:
> As for the second part, with or without Content-Type, messing with the
> message in any interesting way will break the signature.
I'm not sure what you mean by "second part" and "interesting way".
The change to that security consideration section was meant to warn
against the attack that John mentioned, that is:
original:

DKIM-Signature: d=example.com; h=From:From:Subject; l=17; ...
From: user@example.com
Subject: unsigned Content-Type follows
Content-Type: text/plain

This is signed!

changed by attacker:

DKIM-Signature: d=example.com; h=From:From:Subject; l=17; ...
From: user@example.com
Subject: unsigned Content-Type follows
Content-Type: multipart/mixed; boundary=boundary

This is signed!
--boundary
Content-Type: text/plain

Now this is the only visible part of the message,
the (invisible) MIME preamble is still signed,
the original signature is not broken.
--boundary--
--
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
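The body-length (l=) weakness described in the post, reproduced as an added example that is not part of the original message or of any DKIM implementation: it computes the bh= value under "simple" body canonicalization (RFC 6376), shows that the hash still matches after the attacker appends a MIME part beyond the 17 signed bytes, and flags the condition a verifier can detect (unsigned trailing bytes together with an unsigned Content-Type). The sample bodies and the tag set are constructed from the post's example.

```python
import base64
import hashlib
from typing import Optional

# Constructed from the post: exactly 17 canonicalized bytes are covered by l=17.
SIGNED_BODY = b"This is signed!\r\n"
# Constructed attacker trailer: appended after byte 17, so never hashed.
ATTACK_TRAILER = (
    b"--boundary\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"Now this is the only visible part of the message,\r\n"
    b"the (invisible) MIME preamble is still signed,\r\n"
    b"the original signature is not broken.\r\n"
    b"--boundary--\r\n"
)


def canonicalize_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, keep one CRLF."""
    return body.rstrip(b"\r\n") + b"\r\n"


def simple_body_hash(body: bytes, length: Optional[int] = None) -> str:
    """bh= over the canonicalized body, truncated to the first l= bytes if l= is set."""
    canon = canonicalize_simple(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()


def audit(tags: dict, body: bytes) -> dict:
    """Verifier-side checks on a DKIM-Signature tag set (bh, l, h) against the real body."""
    length = int(tags["l"]) if "l" in tags else None
    canon_len = len(canonicalize_simple(body))
    unsigned = max(0, canon_len - length) if length is not None else 0
    signed_hdrs = {h.strip().lower() for h in tags["h"].split(":")}
    result = {
        "bh_matches": simple_body_hash(body, length) == tags["bh"],
        "unsigned_body_bytes": unsigned,
        "content_type_signed": "content-type" in signed_hdrs,
    }
    # Signature verifies, yet unsigned body bytes exist and Content-Type is not
    # covered by h=: an attacker can re-frame the signed text as a MIME preamble.
    risky = result["bh_matches"] and unsigned > 0 and not result["content_type_signed"]
    result["verdict"] = "suspicious" if risky else "ok"
    return result
```

A verifier that treats "suspicious" as a failure, or a signer that omits l= and lists Content-Type in h=, closes the gap the post describes.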