At 11:27 27-04-10, Alessandro Vesely wrote: >At any rate, all what I'm trying to say is that a few certified >fields, e.g. "From:", "To:", and "Date:", are more useful than a >broken signature, in most cases.
Yes, they are. RFC 4871 describes what is being covered by the DKIM Signature. For the sake of the discussion, I'll overlook that. It would be good to have these fields certified by limiting the DKIM signature to cover them only. There are cases where we will still end up with a broken signature though. In a one to one exchange, let's presume that the message won't be reinjected. It's different for an open mailing list as you any of the subscribers can reuse what has been certified and add their own content. In simple terms, you are providing a blind certificate by only (DKIM) signing those fields. We could use this blind certification for one to one exchanges. If the recipient's account or any of the hops through which the message transits is compromised, there will be abuse. That's already happening by the way. I would caution anyone against using such a certification for mailing lists as they will be providing a means for anyone to affix their DKIM signature to new content. I am not recommending "l=0". Regards, -sm _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
