Re: [ietf-dkim] DKIM Scouts, was 8bit downgrades

> > It tells me signing and encryption certificates are valid and even their
> > root certificates are valid...
> Well, something's wrong with it.  I checked the signature in Alpine,
> Thunderbird, and Evolution, and they all agree it's fine.
I went back and looked in more detail.  The problem appears to be that 
this mailing list wraps the signed body in a MIME multipart/mixed section 
including both the signed message and the unsigned footer.  Some MUAs look 
inside the mixed and see the signature, some don't.  For the ones that do, 
I haven't checked to see how if at all they distinguish the signed part 
from the unsigned when they show you the message (shades of all the l= 
arguments.)
So this tells me that existing mail software doesn't try very hard to 
recover signatures from modified messages, even for simple changes that 
don't need any guessing or heuristics to undo.  Why would anyone think 
that the situation with DKIM would be any different?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for 
Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html