On Thu, Mar 16, 2006 at 10:12:34AM -0600, Arvel Hathcock allegedly wrote: > >> Every piece of mail I've sent this morning has validated. Really. > > > > That's because it was all Re: and already had the subject line tag. > > It's your lucky day. > > I'm not sure that's correct. The l= in Mike's signatures takes care of > the bits appended by the list to the end. The z= subject value can be > used by verifiers to take care of the subject munging this list > performs. The verifier then simply replaces the subject text with the > value from z= that was signed. That's one way of solving the mailing > list subject munging problem.
And there-in lies dragons methinks. Do you physically replace the Subject: so that the final recipient gets the pre-list content or do you logically replace it for the purposes of verifying? If the former, you'll likely irritate exactly 50% of the planet that wants that extra goop, and, you've precluded the possibility of a smart UA doing that selectively on a per-user basis. If the latter, then the vector is open for abuse and you'll have to hope for wide deployment of smart UAs to protect users from this risk. Mark. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
