On Sun, 03 Oct 2010 07:13:55 +0100, Michael Deutschmann <[email protected]> wrote:
> And there's the rub. The problem is that a major threat we anticipate, > is that should a means be added to append a footer without breaking the > signature, bad guys will find short legitimate messages and replay them > with a footer containing spam. I would suppose that an added footer will usually take the form of an extra part with Disposition: inline in a multipart/mixed. Insofar as this is not the current convention it ought to be (if only so that users can filter out those annoying footers). In that case, the clean solution, in lieu of the little-used 'l=...', would be to have some mechanism for speciffying exactly which parts/atachments of a messsage had been included in the signature. Whether it is now too late to add such a fundamental enhancement to DKIM is an interesting question, even though it might enable various useful possibilities. But at least it ought to be looked into. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: [email protected] snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
