On 7/8/2011 6:54 AM, Murray S. Kucherawy wrote:
> That's not part of what DKIM tells an assessor, nor is the list of signed
> header fields, so I don't see why that would be a useful thing to highlight.
> For example, if a message contains two Subject: fields, the assessor doesn't
> know which was signed; could be neither. It still gets an SDID out of the
> verification and nothing more (possibly not even that if the signature
> failed).

It simply is not productive to pursue terse, abstract claims of threats, absent
detailed technical description, detailed explanation of how it is relevant to
DKIM, and some indication of concern for that threat among a range of people.
The main effect of responding to isolated, terse concerns is to create a record
that can be read as giving credence to those threats.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html