> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Steve Atkins
> Sent: Monday, May 30, 2011 9:14 AM
> To: DKIM List
> Subject: Re: [ietf-dkim] New canonicalizations
>
> The most obvious things that MLMs do that invalidate signatures are 1.
> append content to the body and 2. prepend content to the subject line.
> Any approach that allows me to replay messages while making those
> changes seems to open the door to abuse.

Agree on all counts. And I talked to the Mailman people, for example, about a modified header canonicalization that deals with Subject: tagging, and they also agreed it wouldn't help that much since that's not the most common change made that would invalidate the signatures.

So as far as I can tell, we're at a point where lots of people think they want MLM survivability of signatures, or at least the chain-of-trust capability, but no proof that the increased risk is worth the increased gain.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
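
The two MLM changes named in the quoted text, worked through under DKIM's existing "relaxed" canonicalization (RFC 6376, sections 3.4.2 and 3.4.4). This is an added example, not part of the original message or of any DKIM implementation; the sample message, the `[example-list]` tag and the footer text are constructed.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.split(b"\r\n")
    # Collapse runs of WSP to a single SP and drop WSP at the end of each line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes) -> str:
    """Value that goes in bh= for a=rsa-sha256 when no l= tag is used."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()


def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    unfolded = re.sub(r"\r\n(?=[ \t])", "", value)
    collapsed = re.sub(r"[ \t]+", " ", unfolded).strip(" ")
    return f"{name.lower().strip()}:{collapsed}\r\n"


# Constructed sample message as the author signed it.
SIGNED_SUBJECT = "Re: New   canonicalizations"
SIGNED_BODY = b"Agree on all counts.  \r\n\r\n"

# Constructed MLM modifications: subject tag and appended footer.
TAGGED_SUBJECT = "[example-list] " + SIGNED_SUBJECT
FOOTED_BODY = SIGNED_BODY + b"____________\r\nexample-list mailing list\r\n"


def mlm_effects() -> dict:
    """Compare signer-side inputs with what a verifier sees after the MLM."""
    return {
        "whitespace_only_change_survives":
            body_hash(SIGNED_BODY) == body_hash(b"Agree on all counts.\r\n"),
        "footer_changes_bh": body_hash(SIGNED_BODY) != body_hash(FOOTED_BODY),
        "tag_changes_signed_header":
            relaxed_header("Subject", SIGNED_SUBJECT)
            != relaxed_header("Subject", TAGGED_SUBJECT),
    }


if __name__ == "__main__":
    for check, result in mlm_effects().items():
        print(f"{check}: {result}")
```

Relaxed canonicalization absorbs whitespace changes only; the appended footer yields a different `bh=` value and the tagged Subject yields different signed header input, so verification fails in both cases.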
