On Wednesday, April 01, 2015 08:31:20 AM Murray S. Kucherawy wrote: > On Wed, Apr 1, 2015 at 7:35 AM, Anne Bennett <[email protected]> wrote: > > Some days ago I tentatively suggested signing only part of > > some message parts, in particular part of the Subject header > > (excluding any future additions of "[list-identification]"), > > assuming that such an approach had doubtless already been > > suggested elsewhere. I was expecting to hear either "been > > there, tried that, won't work", or (a polite version of) "that's > > a dumb idea because...", but I've heard nothing. I can't quite > > make myself believe that you're all rendered speechless by my > > sheer genius, so... why *won't* something like that work? > > I missed the earlier suggestion. > > As I recall this was considered during the development of DKIM originally, > exactly for this reason. We rejected it because we couldn't come up with a > safe description of what a tag should look like. If arbitrary text is > allowed in there, then one could "tag" a spam URL at the front of a > legitimate message's Subject field and the signature would still pass. If > you assert a length limit on the size of a tag, then lists out there that > use some longer mnemonic to identify the list are excluded. If you assert > no special characters are allowed, you exclude international list names. > Not all list tags use the square brackets at the front as delimiters. Et > cetera. > > Short of introducing legislation about what constitutes a "standard" set of > list modifications, which would be highly controversial and consensus > firmly disliked, there wasn't a good path forward there, so the working > group dropped the idea.
That matches my recollection. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
