> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Wietse Venema
> Sent: Friday, October 08, 2010 1:16 PM
> To: [email protected]
> Subject: Re: [ietf-dkim] detecting header mutations after signing
>
> What I describe would be a best practice application of DKIM
> mechanisms that already exist.
>
> Mail is signed as if there are N+1 instances of each header that
> is covered by the DKIM signature. The verifier will then fail if
> any such header is added after-the-fact.
>
> With this, there is no need to rely on enforcement mechanisms
> outside DKIM, such as the correct implementation of RFC 5322.

I would suggest constraining that to include only those fields that are 0-or-1 in RFC5322 Section 3.6. For example, doing this with Received: is begging for signature invalidation on otherwise unaltered messages.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
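
The N+1 signing described in the quoted message, and the restriction suggested in the reply, as an added example that is not part of the original thread or of any DKIM implementation. It models only which header instances enter the signed hash (no canonicalization or cryptography); the sample message, the function names and the `AT_MOST_ONCE` set are assumptions made for illustration.

```python
from email import message_from_string

# Fields RFC 5322 section 3.6 limits to at most one instance (assumption: this
# includes Date and From, whose count is exactly 1, alongside the 0-or-1 fields).
AT_MOST_ONCE = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
                "message-id", "in-reply-to", "references", "subject"}

# Constructed sample message; addresses and hosts are placeholders.
RAW = ("Received: from a.example by b.example; Fri, 8 Oct 2010 13:16:00 -0400\n"
       "From: alice@a.example\n"
       "To: bob@b.example\n"
       "Subject: Quarterly report\n"
       "Date: Fri, 8 Oct 2010 13:16:00 -0400\n"
       "\n"
       "body\n")
FIELDS = ["Received", "From", "To", "Subject", "Date"]

def build_h_tag(raw, fields, oversign=AT_MOST_ONCE):
    """h= names: one per existing instance, plus one extra for oversigned fields."""
    msg = message_from_string(raw)
    names = []
    for field in fields:
        count = len(msg.get_all(field, []))
        names += [field] * (count + (1 if field.lower() in oversign else 0))
    return names

def selected_headers(raw, h_names):
    """Header instances hashed for a given h= list (RFC 6376 selection rule):
    repeated names pick instances from the bottom of the header block upward,
    and a name with no instance left contributes nothing (None)."""
    msg = message_from_string(raw)
    remaining, picked = {}, []
    for name in h_names:
        key = name.lower()
        stack = remaining.setdefault(key, list(reversed(msg.get_all(name, []))))
        picked.append((key, stack.pop(0) if stack else None))
    return picked

def survives(signed_raw, received_raw, h_names):
    """True if the hashed header input is unchanged, so the signature still verifies."""
    return selected_headers(signed_raw, h_names) == selected_headers(received_raw, h_names)

if __name__ == "__main__":
    h = build_h_tag(RAW, FIELDS)
    relay = "Received: from b.example by c.example; Fri, 8 Oct 2010 13:17:00 -0400\n" + RAW
    print(":".join(h))
    print("relay adds Received:", survives(RAW, relay, h))
    print("second Subject added:", survives(RAW, "Subject: Other\n" + RAW, h))
```

Passing `FIELDS` directly as the `h=` list shows the case without oversigning, where a prepended second Subject leaves the hashed input unchanged.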
