-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Monday, May 30, 2011 9:14 AM
To: DKIM List
Subject: Re: [ietf-dkim] New canonicalizations
The most obvious thing that MLMs do that invalidate signatures are 1.
append content to the body and 2. prepend content to the subject line.
Any approach that allows me to replay messages while making those
changes seems to open the door to abuse.
Agree on all counts. And I talked to the Mailman people, for example, about a
modified header canonicalization that deals with Subject: tagging, and they
also agreed it wouldn't help that much since that's not the most common change
made that would invalidate the signatures.
So as far as I can tell, we're at a point where lots of people think they want
MLM survivability of signatures, or at least the chain-of-trust capability, but
no proof that the increased risk is worth the increased gain.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html