On 29/Apr/10 01:12, SM wrote:
> The diversity
> of the email environment is such that you cannot come up with a
> "mellowed" canonicalization to cope with every possible change.

Yet, it would seem that by, say, hashing just invariants of binary 
representations of the first entity, e.g. discarding its white space 
and punctuation, one may reach very high percentages of unbroken 
retransmission.

>>Replay attacks? Spam is also happening. As an email user, I'm not
>>overly worried about spoofed signatures: They are not legally binding,
>>and I trust human recipients are able to distinguish fake messages in
>>case they occur. I'm not easing spammers' job by signing mail, even
>>though I'd use weaker signatures for increased resiliency. In fact,
>>the backscatter I get is not signed.
>
> I would be concerned if my DKIM signatures are re-purposed.  Once
> that gets done, my DKIM signature is of no value except for you to
> direct my messages to the bit bucket.

That would be a rather broken reputation system, if re-purposing 
signatures can stagger it. Such a game can be played with strongly 
signed messages as well: Messages on this list could be used to wreck 
mipassoc's reputation by massively resending them to the general public, 
many of whom would report them as spam.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
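
Added example, not part of the original message or of any DKIM implementation: it compares the body hash under DKIM "relaxed" canonicalization (RFC 6376, section 3.4.4) with a hash over the "invariants" suggested above (white space and punctuation discarded). The `invariant_body` function, the helper names and the three sample bodies are constructed assumptions; the message body stands in for the first entity.

```python
import base64
import hashlib
import re
import string

def relaxed_body(body: bytes) -> bytes:
    """DKIM 'relaxed' body canonicalization, RFC 6376 section 3.4.4."""
    lines = body.split(b"\r\n")
    # Collapse runs of WSP to one SP, then drop WSP at end of line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

# ASCII white space and punctuation, the bytes the hypothetical scheme discards.
_DROP = (string.whitespace + string.punctuation).encode("ascii")

def invariant_body(body: bytes) -> bytes:
    """Hypothetical 'invariants only' form (assumption, not a DKIM algorithm)."""
    return body.translate(None, _DROP)

def body_hash(canon, body: bytes) -> str:
    """SHA-256 over the canonicalized body, base64 as in the DKIM bh= tag."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def survives(a: bytes, b: bytes) -> dict:
    """For each canonicalization, does the hash of a still match b?"""
    schemes = (("relaxed", relaxed_body), ("invariant", invariant_body))
    return {name: body_hash(fn, a) == body_hash(fn, b) for name, fn in schemes}

# Constructed sample bodies.
ORIGINAL = b"Invoice total: 1,500.00 EUR.\r\nPlease pay by Friday.\r\n"
# Same text after a relay re-wrapped the lines.
REWRAPPED = b"Invoice total: 1,500.00 EUR. Please\r\npay by Friday.\r\n"
# Different meaning, differing only in punctuation.
ALTERED = b"Invoice total: 150,000 EUR.\r\nPlease pay by Friday.\r\n"

if __name__ == "__main__":
    print("re-wrapped:", survives(ORIGINAL, REWRAPPED))
    print("altered:   ", survives(ORIGINAL, ALTERED))
```

The re-wrapped body breaks the relaxed hash but not the invariant one, which is the resiliency gain; the altered body also keeps the invariant hash, so a verifier using it cannot tell the two amounts apart.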