ietf-mailsig

Re: Mailing lists and signatures (was: Re: CircleID on DomainKeys)

2004-10-30 23:38:26

[ talking about IIM ]
This mailing list is easy; all it does is add an extra CRLF before
the body which the "nofws" canonicalization takes care of. But IIM
also works for the ASRG list that adds a footer and adds [ASRG] to
the subject line.

Can you explain (or tell where to find an explanation) of what a
recipient is supposed to do when the copied header doesn't match the
actual header?  Is the intention to use some sort of distance function
to decide whether the two headers are close enough, just ignore the
differences, or what?

I would be rather concerned that a bad guy could take a short valid
message, add new MIME sections or large amounts of new text, replace
the subject line, and still have IIM say it was OK.  This is the "bad
guys don't play by the rules" problem that bedevils all sorts of
security designs.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

PS: My take on the mailing list question is that a list manager that
does anything more than forward messages untouched has created new
messages and it's up to the list host to sign them.

-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 330 5711
johnl(_at_)iecc(_dot_)com, Mayor, http://johnlevine.com, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
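
An added illustration, not part of the original message and not IIM's specified algorithm: a simplified whitespace-insensitive canonicalization, assumed here as a stand-in for "nofws", shows that an extra CRLF before the body leaves the digests unchanged, while a list's subject tag and footer yield exactly the same mismatch as content added by someone else. The function names and sample messages are constructed for this example.

```python
import hashlib
import re

def canon(part: bytes, unfold: bool = False) -> bytes:
    """Assumed simplification of a 'nofws'-style canonicalization:
    optionally unfold header continuations, strip spaces/tabs,
    drop empty lines, terminate every remaining line with CRLF."""
    part = part.replace(b"\r\n", b"\n")
    if unfold:
        part = re.sub(rb"\n[ \t]+", b"", part)
    lines = (re.sub(rb"[ \t]+", b"", ln) for ln in part.split(b"\n"))
    return b"".join(ln + b"\r\n" for ln in lines if ln)

def digests(message: bytes):
    """Return (header_digest, body_digest) over the canonical forms."""
    head, _, body = message.partition(b"\r\n\r\n")
    return (hashlib.sha256(canon(head, unfold=True)).hexdigest(),
            hashlib.sha256(canon(body)).hexdigest())

def verdict(signed: bytes, received: bytes) -> dict:
    """Compare what the signer hashed with what the recipient got."""
    (sh, sb), (rh, rbody) = digests(signed), digests(received)
    return {"headers_match": sh == rh, "body_match": sb == rbody}

# Constructed sample messages (not taken from any real list traffic).
SIGNED = (b"From: alice@example.org\r\n"
          b"Subject: Meeting notes\r\n"
          b"\r\n"
          b"See you at ten.\r\n")
# A list that only inserts one extra CRLF before the body.
EXTRA_CRLF = SIGNED.replace(b"\r\n\r\n", b"\r\n\r\n\r\n")
# A list that tags the subject and appends a footer.
LIST_COPY = (SIGNED.replace(b"Subject: ", b"Subject: [ASRG] ")
             + b"_______\r\nASRG mailing list\r\n")
# A third party that replaces the subject and appends new text.
INJECTED = (SIGNED.replace(b"Meeting notes", b"Urgent invoice")
            + b"Unsigned text added after signing.\r\n")

if __name__ == "__main__":
    for name, msg in [("extra CRLF", EXTRA_CRLF),
                      ("list tag + footer", LIST_COPY),
                      ("injected content", INJECTED)]:
        print(f"{name:18} {verdict(SIGNED, msg)}")
```

The digests alone give the recipient the same answer for the list's rewrite and for the injected content, so any tolerance for the former has to come from an explicit policy about which differences are acceptable.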

