--On 11 June 2010 22:37:09 -0700 Phil Pennock <[email protected]> wrote:
> On 2010-06-11 at 23:34 +0200, Heiko Schlittermann wrote:
>> Ian Eiloart <[email protected]> (Fr 11 Jun 2010 18:25:45 CEST):
>> > >> Or is this something useful for other Exim users, too?
>> > >
>> > > Could be - in case we have to prove that we didn't change the message
>> > > after reception (the hash has to be signed, of course).
>> > So, why not use the DKIM features?
>>
>> Stupid question maybe: does the DKIM signature include the message body?
>> (I always thought, it's only a signature for selected header fields.)
>
> Yes, it includes the message body; otherwise a spammer could just
> include the headers from a valid message and a new body and pump out
> spam which verifies as coming from an identity that they do not actually
> have administrative control of.
>
> DKIM contains two ways of forming the message body, for signing
> purposes, and optionally lets you only sign the first 'l' bytes of the
> body. So you could theoretically use l=0 but at this time I can't
> conceive of a scenario where that would be wise.

It might allow the signature to survive the addition of a mailing list sig.

> RFC 4871
>
> -Phil

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
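Added example, not part of the original thread or of Exim's code: a Python sketch of the DKIM body hash (bh=) under the two body canonicalizations and the optional l= count discussed above. It shows that an appended list footer breaks a full-body hash but not an l=-limited one, and that l=0 leaves the whole body uncovered. The message body, footer and function names are constructed for this illustration.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """'simple': ignore empty lines at the end, finish with exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """'relaxed': collapse runs of WSP, drop WSP at line ends and trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon: str = "simple", l=None) -> str:
    """Return the base64 SHA-256 body hash, over the first l canonical octets if l is given."""
    data = canon_relaxed(body) if canon == "relaxed" else canon_simple(body)
    if l is not None:
        if l > len(data):
            raise ValueError("l= exceeds the canonicalized body length")
        data = data[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

# Constructed sample message body and mailing list footer.
ORIGINAL = b"Hello list,\r\n\r\nDoes DKIM cover the body?\r\n"
FOOTER = b"-- \r\n## Example list footer (constructed)\r\n"

def survives_footer(canon: str, use_l: bool) -> bool:
    """Signer hashes ORIGINAL; verifier re-hashes ORIGINAL + FOOTER with the same l=."""
    signed = canon_relaxed(ORIGINAL) if canon == "relaxed" else canon_simple(ORIGINAL)
    l = len(signed) if use_l else None
    return body_hash(ORIGINAL, canon, l) == body_hash(ORIGINAL + FOOTER, canon, l)

def l_zero_covers_nothing() -> bool:
    """With l=0 every body produces the same hash, so the body is not protected at all."""
    return body_hash(ORIGINAL, l=0) == body_hash(b"entirely different body\r\n", l=0)

if __name__ == "__main__":
    for canon in ("simple", "relaxed"):
        print(canon, "no l=:", survives_footer(canon, False),
              "with l=:", survives_footer(canon, True))
    print("l=0 matches any body:", l_zero_covers_nothing())
```

Whatever follows the first l octets is outside the signature, so a verifier that accepts l= should treat the remainder of the body as unsigned content.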
