ietf-dkim
Re: [ietf-dkim] New canonicalizations

2011-05-31 12:27:41
On 31/May/11 00:23, Murray S. Kucherawy wrote:
-----Original Message-----
From:  On Behalf Of Steve Atkins

The most obvious things that MLMs do that invalidate signatures are 1.
append content to the body and 2. prepend content to the subject line.
Any approach that allows me to replay messages while making those
changes seems to open the door to abuse.

While that's true for MLM, I'm not sure it correctly reflects MTAs'
behaviors.  In particular, the X-MIME-AUTOCONVERT feature and whatever
may cause MIME rewriting.  This is MTA-specific, and affects MLMs as
well as dot-forwards.

Pareto has been discussed enough, so I won't comment on the fact that
such a minor part of the traffic would demand complicated and expensive
implementations to go through correctly.

Agree on all counts.  And I talked to the Mailman people, for
example, about a modified header canonicalization that deals with
Subject: tagging, and they also agreed it wouldn't help that much
since that's not the most common change made that would invalidate
the signatures.

Yeah, reply messages have subject-tags already in place.  If MLM
subscriptions were known at submission time, tag addition before
signing could be easily done by MSAs, MUAs, or manually by users.
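
The changes discussed in this thread, as an added example that is not part of the original messages: RFC 6376 relaxed canonicalization (sections 3.4.2 and 3.4.4) applied to a signed message and to three in-transit variants. The sample subjects and bodies are constructed, and the `survives` helper is a hypothetical name used only here.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse WSP runs, drop trailing WSP and trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 3.4.2: lowercase the name, unfold, collapse WSP, trim the value."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)
    value = re.sub(r"[ \t]+", " ", value).strip(" ")
    return f"{name.strip().lower()}:{value}\r\n"

def body_hash(body: bytes) -> str:
    """Value that would be carried in the bh= tag for a rsa-sha256 signature."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def survives(signed: dict, received: dict) -> dict:
    """Report which signed parts still canonicalize to the same bytes on receipt."""
    return {
        "body": body_hash(signed["body"]) == body_hash(received["body"]),
        "subject": relaxed_header("Subject", signed["subject"])
        == relaxed_header("Subject", received["subject"]),
    }

# Constructed sample messages (not taken from the thread).
SIGNED = {"subject": "Re: New canonicalizations",
          "body": b"Caf\xc3\xa9 menu attached.\r\nSee you there.\r\n"}
# Whitespace-only changes: refolded subject, trailing spaces, extra blank lines.
WHITESPACE_ONLY = {"subject": "Re:  New\r\n canonicalizations",
                   "body": b"Caf\xc3\xa9 menu  attached. \r\nSee you there.\r\n\r\n\r\n"}
# MLM behaviour: subject tag prepended, list footer appended to the body.
MLM = {"subject": "[ietf-dkim] " + SIGNED["subject"],
       "body": SIGNED["body"] + b"_______\r\nNOTE WELL: list footer\r\n"}
# MTA MIME rewriting: 8bit body re-encoded as quoted-printable.
AUTOCONVERT = {"subject": SIGNED["subject"],
               "body": b"Caf=C3=A9 menu attached.\r\nSee you there.\r\n"}

if __name__ == "__main__":
    for label, msg in [("whitespace", WHITESPACE_ONLY), ("mlm", MLM),
                       ("autoconvert", AUTOCONVERT)]:
        print(label, survives(SIGNED, msg))
```

Relaxed canonicalization absorbs only whitespace and folding differences; the footer, the subject tag and the transfer-encoding change each alter the canonical bytes, so the body hash or header hash no longer matches.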
