I actually like Charles's edits except for one paragraph, and, as a participant, would be happy to change 8.15 accordingly. The one problem paragraph is this one:
On Wed, Jul 6, 2011 at 7:17 AM, Charles Lindsey <[email protected]> wrote: ... Recall that, when multiple instances of a given header field are present, they are signed starting with the last one and working upwards (section 5.4.2). A variety of attacks taking advantage of this feature can be envisaged. In some, the attacker is himself the signer, signing the second of some duplicated field on behalf of his own domain, whilst hoping that some lenient MUA will display only the first. In others, a genuine signature from the domain under attack is obtained by legitimate means, but extra header fields are then added, either by interception or by replay. As Pete has pointed out -- and has he's adamant about -- the signer can't attack... that is, DKIM can't do anything about "attacks" by the signer. And that's as Charles's text itself points out. So I'd be happy merging just the last sentence with the next paragraph, and eliminating the rest: "A genuine signature from the domain under attack can be obtained by legitimate means, but extra header fields can then be added, either by interception or by replay. In this scenario DKIM can aid in detecting such addition of specific fields in transit. This is done by having the signer list the field name(s) in the "h=" tag an extra time [...etc...]" Barry, as participant _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
