On Wed, Apr 1, 2015 at 7:35 AM, Anne Bennett <a...@encs.concordia.ca> wrote:
> Some days ago I tentatively suggested signing only part of > some message parts, in particular part of the Subject header > (excluding any future additions of "[list-identification]"), > assuming that such an approach had doubtless already been > suggested elsewhere. I was expecting to hear either "been > there, tried that, won't work", or (a polite version of) "that's > a dumb idea because...", but I've heard nothing. I can't quite > make myself believe that you're all rendered speechless by my > sheer genius, so... why *won't* something like that work? I missed the earlier suggestion. As I recall this was considered during the development of DKIM originally, exactly for this reason. We rejected it because we couldn't come up with a safe description of what a tag should look like. If arbitrary text is allowed in there, then one could "tag" a spam URL at the front of a legitimate message's Subject field and the signature would still pass. If you assert a length limit on the size of a tag, then lists out there that use some longer mnemonic to identify the list are excluded. If you assert no special characters are allowed, you exclude international list names. Not all list tags use the square brackets at the front as delimiters. Et cetera. Short of introducing legislation about what constitutes a "standard" set of list modifications, which would be highly controversial and consensus firmly disliked, there wasn't a good path forward there, so the working group dropped the idea. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
