On 17/Sep/10 16:51, Ian Eiloart wrote: > --On 16 September 2010 09:49:40 -0700 "Murray S. Kucherawy" > <[email protected]> wrote: >> I'm worried about [partial signatures]. If people are encouraged not to >> sign Subject:, for example, which is a popular display header field, one >> could spamify that field and re-send the message. >> >> If you subscribe to the idea that a DKIM signature reflects a domain >> taking some responsibility for a message, I'd have a hard time not >> signing Subject: (or From:) for any reason. > > I guess for this to work, the MLM admin needs to be looking for a good full > signature. Lists that don't rewrite the subject are going to work better > here, but more serious is the lack of signature for the body. Still, the > attack that you describe is fairly esoteric, and targetted specifically to > the list (remember, the sender can add a list-id header, and sign that!) It > may be too expensive to be profitable.
Ah, it wasn't clear to me that Murray meant re-sending the message /through the list/. Yes, in that case the MLM cannot use the first signature to authenticate the author, unless an additional datum is also signed. For example, if the first signature also covers Date or Message-ID, forgeries would be quite apparent. Hey, how come message streams have no sequence numbers? _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
