Is signing the body at all an essential requirement? Yes, some potential risk for a replay attack but otherwise "whoami I sent this" should be sufficient for some providers,
Bill Oxley Messaging Engineer Cox Communications, Inc. Alpharetta GA 404-847-6397 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arvel Hathcock Sent: Tuesday, March 28, 2006 11:22 AM To: [email protected] Subject: Re: [ietf-dkim] mailing lists and -base > The current proposal for allowing signers to only have to compute the > hash once for large message bodies that will be sent out numerous > times (such as in a mailing list) seems like an improvement. I can not disagree. It isn't always the case, but it is often the case, and likely always at least optional that mailing lists personalize the TO header. When this is done, a single body hash which could be reused is an improvement. -- Arvel _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
