Hi Steve, At 15:41 20-05-2009, Steve Atkins wrote: >Remember that we're considering the content of the message as >displayed to the end user here, not the traffic on the wire. If I can >control the content of the message as it's displayed to the recipient, >then the fact that I only have limited control as to the changes I can >make to the bytes on the wire is pretty much irrelevant.
DKIM is not end to end. We only have to preserve the validity of the DKIM signature up to the DKIM verifier. "l=" was introduced because some mailing lists appends (sometimes it's more than that) a footer to the message. I tested "l=" with Mailman a few years back and the DKIM verification was successful even if a footer was added along the path between the signer and verifier. I don't think we should mix the content of the message with "signed" body. If the verifier passes the "unsigned" part without additional checks, there will be abuse. >But when we're talking about the benefits of something you can't If I recall correctly, the feature was added to fulfill one of the requirements. >There are a few, exceptional cases where using l= to preserve a DKIM >signature via a forwarder that would otherwise break it would actually >work (a sender choosing to use l= to sign the entire length of their >message sending plain text mail to a mailing list that does not modify >the body of the message other than appending a footer and does not >modify the signed headers - no From, Subject, Reply-To changes - for >instance). Even if you use the "l=", you can still get end up with a broken signature because of the subject tag. The Reply-To doesn't usually break the signature. Regards, -sm _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
