On Thu, Nov 21, 2013 at 09:07:44AM -0500, Wietse Venema wrote:
> > DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=devisubox.com; s=mail;
> > t=1385028965; bh=75o/sAM/Vtv41UrIwg0b4q1zZtrst1XwSPtjrKyZij0=;
> > h=To:Subject:From:Reply-To:Content-Type:Content-Transfer-Encoding:
> > Message-Id:Date;
>
> This email contains Content-Type: and Content-Transfer-Encoding:
> without MIME-Version: header. That is the result of buggy software.
Furthermore, "simple" canonicalization is too fragile; use "relaxed"
at least for the headers. I would add "Cc" and "Content-Disposition"
and all the above to the list of headers signed even when absent (thus
detecting downstream insertion as a DKIM signature failure).
--
Viktor.
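
The two recommendations in the reply above (relaxed header canonicalization, and listing headers in h= even when absent), as an added example that is not part of the original thread. The function names and sample headers are constructed for illustration, and a SHA-256 digest over the selected headers stands in for the full signature (the DKIM-Signature header itself and the RSA step are left out).

```python
import hashlib
import re

def canon_header(name, value, mode):
    """One header field per RFC 6376 section 3.4; value excludes the final CRLF."""
    if mode == "simple":
        return f"{name}:{value}\r\n"          # simple: bytes are left untouched
    value = re.sub(r"\r\n(?=[ \t])", "", value)            # relaxed: unfold
    value = re.sub(r"[ \t]+", " ", value).strip(" ")       # collapse and trim WSP
    return f"{name.strip().lower()}:{value}\r\n"

def header_hash_input(headers, h_list, mode):
    """Each name in h= consumes the last unused instance, bottom up (section 5.4.2).
    A name with no instance left contributes nothing: a signed absent header."""
    remaining, out = list(headers), []
    for wanted in h_list:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted.lower():
                out.append(canon_header(*remaining.pop(i), mode))
                break
    return "".join(out)

def digest(headers, h_list, mode):
    # Simplification: the real hash input also ends with the DKIM-Signature
    # header itself, and the digest is then RSA-signed.
    return hashlib.sha256(header_hash_input(headers, h_list, mode).encode()).hexdigest()

# Constructed sample message headers (not taken from the thread).
SENT = [("To", " user@example.org"),
        ("Subject", " Monthly report for November"),
        ("From", " sender@example.com")]
REFOLDED = [SENT[0], ("Subject", " Monthly report\r\n for November"), SENT[2]]
INSERTED = SENT + [("Cc", " extra@example.net")]   # header added downstream

PLAIN = ["To", "Subject", "From"]
OVERSIGNED = PLAIN + PLAIN + ["Cc", "Content-Disposition"]

if __name__ == "__main__":
    for mode in ("simple", "relaxed"):
        same = digest(SENT, PLAIN, mode) == digest(REFOLDED, PLAIN, mode)
        print(f"{mode}: refolded Subject still verifies = {same}")
    for label, h in (("plain h=", PLAIN), ("oversigned h=", OVERSIGNED)):
        same = digest(SENT, h, "relaxed") == digest(INSERTED, h, "relaxed")
        print(f"{label}: inserted Cc goes undetected = {same}")
```
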