John,
attachments are not signed in case of length specified and cover body
only. In that situation is important to cover all other information like
Content-Type, Content-ID, Content-Description, Content-Disposition,
Content-Encoding... simply to protect information about attachments, but
not attachment itself.
In situation that length tag is not available, whole e-mail are signed.
Regards
Jan
Dne 19. 08. 24 v 23:44 John Levine napsal(a):
It appears that Jan Dušátko <[email protected]> said:
Based on my experience, I trying to enforce signing at the least those
attributes. Mostly attachments are not signet, which allow attacker to
manipulate with it.
I don't think I have ever seen a message with a DKIM signature and an unsigned
attachment. Do you have some examples?
I understand how one could do it, but in my experience it never happens.
R's,
John
--
--
-- --- ----- -
Jan Dušátko
Tracker number: +420 602 427 840
e-mail: [email protected]
GPG: https://keys.dusatko.org/2E7D58B90FC2867C.asc
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
