It tells me signing and encryption certificates are valid and even their
root certificates are valid...

Well, something's wrong with it. I checked the signature in Alpine,
Thunderbird, and Evolution, and they all agree it's fine.

I went back and looked in more detail. The problem appears to be that
this mailing list wraps the signed body in a MIME multipart/mixed section
including both the signed message and the unsigned footer. Some MUAs look
inside the mixed and see the signature, some don't. For the ones that do,
I haven't checked to see how, if at all, they distinguish the signed part
from the unsigned when they show you the message (shades of all the l=
arguments.)

So this tells me that existing mail software doesn't try very hard to
recover signatures from modified messages, even for simple changes that
don't need any guessing or heuristics to undo. Why would anyone think
that the situation with DKIM would be any different?

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for
Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
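
The wrapping described in the message above, as an added example that is not part of the original post: it walks a constructed message in which a multipart/signed entity sits inside multipart/mixed next to a list footer, and labels each leaf part as signed, signature, or unsigned. The sample message, the placeholder signature blob, and the function names classify_parts and unsigned_parts are assumptions made for illustration; the code inspects MIME structure only and does not verify the signature.

```python
from email import message_from_string
# Constructed sample (not from the thread): a list wrapped a multipart/signed
# message in multipart/mixed and appended a footer. Signature is a placeholder.
RAW = """\
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/signed; boundary="inner";
 protocol="application/pkcs7-signature"; micalg=sha-256

--inner
Content-Type: text/plain

Signed body text.

--inner
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--inner--

--outer
Content-Type: text/plain

List footer added after signing.
--outer--
"""

def classify_parts(msg, covered=False, path="1"):
    """Return (path, content_type, status) for each leaf MIME part."""
    ctype = msg.get_content_type()
    if not msg.is_multipart():
        return [(path, ctype, "signed" if covered else "unsigned")]
    out = []
    for i, child in enumerate(msg.get_payload(), 1):
        sub = f"{path}.{i}"
        if ctype == "multipart/signed" and i == 2:
            # Second child of multipart/signed is the detached signature.
            out.append((sub, child.get_content_type(), "signature"))
        else:
            inside = covered or ctype == "multipart/signed"
            out.extend(classify_parts(child, inside, sub))
    return out

def unsigned_parts(raw):
    """List the leaf parts a reader would see that no signature covers."""
    parts = classify_parts(message_from_string(raw))
    return [p for p in parts if p[2] == "unsigned"]
```

A display layer could use the unsigned list to mark the footer as outside the signature instead of presenting the whole message as verified.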