On Sat, May 31, 2014 at 4:30 AM, Stephen J. Turnbull <step...@xemacs.org> wrote:
> Also, the last time partial signatures came up, it was pointed out
> that there are *no* MUAs that differentiate between signed parts and
> unsigned parts. You don't get a warning when your eyes move from a
> signed part to an unsigned part or vice-versa the way you do when
> following a link from an HTTP URL to an HTTPS URL in a browser. The
> DKIM advocates have not liked the idea of signatures that don't apply
> to the whole message at all.
>

All true, but that's mostly specific to MUAs. There's nothing saying a filter of some kind could do something special with appended content when it senses a message that's bigger than what was signed. The library in OpenDKIM does make it easy to spot these, for example, and can tell you stuff like which header fields were added or modified and in what way, or how much of the content was signed and how much wasn't. We didn't intend for this to be used by MUAs, however, so to some degree they're doing what we expected.

The reason I asked is that there's a proposal for a DKIM canonicalization that could survive modifications if the modifications are entirely in new MIME parts. Thus, if an MLM altered the message strictly by adding parts, the added parts could be easily isolated by this method, and the remainder verified against an author signature that should still validate (modulo Subject field changes). So you'd have a DKIM signature from the author domain that validates on the original author content (the final content minus the added part), and a DKIM signature from the list domain that validates on the modified content.

I'm trying to figure out if that would be useful at all, but it sounds like MUAs are the showstopper there.

-MSK
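
Added example, not part of the original message and not OpenDKIM's code: a filter-side check of the kind described above, using the existing DKIM l= body-length tag (not the proposed MIME-part canonicalization) to separate signed content from content appended after it. It checks only the body hash (bh=), not the b= signature itself; the sample body, footer, selector and author.example domain are constructed.

```python
import base64, hashlib, re

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature header value into tag=value pairs."""
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def signed_coverage(sig_value: str, body: bytes) -> dict:
    """Report how much of the body the l= tag covers and what follows it."""
    tags = parse_tags(sig_value)
    _, _, body_mode = tags.get("c", "simple/simple").partition("/")
    data = canon_body(body, body_mode or "simple")
    limit = int(tags["l"]) if "l" in tags else len(data)
    signed, appended = data[:limit], data[limit:]
    algo = hashlib.sha1 if tags.get("a", "").endswith("sha1") else hashlib.sha256
    digest = base64.b64encode(algo(signed).digest()).decode()
    # l= larger than the body means content was removed: the hash cannot match.
    ok = limit <= len(data) and digest == tags.get("bh")
    return {"signed_bytes": len(signed), "unsigned_bytes": len(appended),
            "body_hash_ok": ok, "appended": appended}

# Constructed sample: author body, then a footer appended by a list manager.
ORIGINAL = b"Hi all,\r\nauthor text here.\r\n"
FOOTER = b"_______\r\nfooter added by the list\r\n"

def sample_signature(body: bytes) -> str:
    """Constructed header value; b= is a placeholder, not a real signature."""
    data = canon_body(body, "simple")
    bh = base64.b64encode(hashlib.sha256(data).digest()).decode()
    return (f"v=1; a=rsa-sha256; c=relaxed/simple; d=author.example; s=sel; "
            f"l={len(data)}; bh={bh}; h=from:subject; b=PLACEHOLDER")

if __name__ == "__main__":
    print(signed_coverage(sample_signature(ORIGINAL), ORIGINAL + FOOTER))
```

A non-zero unsigned_bytes with body_hash_ok true is the "bigger than what was signed" case: the appended bytes carry no author assurance even when the signature validates.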