On 04/14/2015 09:15 PM, Murray S. Kucherawy wrote:
On Tue, Apr 14, 2015 at 8:25 AM, Scott Kitterman <skl...@kitterman.com> wrote:
I haven't reviewed his in detail, so I've no opinion. I was talking about this proposal. Not getting fancy with MIME parts would be nice, so if this one can work, I already like it better than Murray's, but if we have to pile this onto the stack of nice ideas, then that's probably what I'll look at next.
The elegance of John's idea is that it's content-agnostic, and is
apparently backward compatible because v=1 verifiers will not consider
the weak signature to be valid (unless they're already quite broken).
There's no need to learn to parse MIME structure in order to produce a
signature.
I think the concerning part is deciding when to add the weak
signature. The simplest thing is to always add it along with an
"@fs=" signature, but then you're basically allowing the forwarding
domain to sign any content it wants and you'll be approving it too,
implicitly.
Remembering to what great lengths the ietf-dkim group went to make sure
that every bit of a message was covered by the signature (and with the
l= discussions in mind) I would really be surprised if adding the @fs=
for all outbound mail would be an acceptable solution for the problem.
/rolf
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
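Two points in the exchange above can be made concrete in code: Murray's observation that a v=1 verifier will not treat a differently versioned "weak" signature as valid, and Rolf's reference to the l= discussions, where a body length limit leaves appended content outside the signed hash. The following is an added example, not code from the thread or from any of the proposals it discusses. It implements the RFC 6376 tag-list parsing, version check and simple body canonicalization from memory of that RFC; the "v=2" value standing in for a weak signature, the sample message bodies and the DKIM-Signature header values are constructed assumptions for illustration only, and the @fs= mechanism itself is not modelled because its format is not described on the page.

```python
"""Added example (not from the dmarc thread): a minimal RFC 6376 tag-list
parser plus two checks that bear on the discussion.

1. Version check: a DKIM verifier accepts only v=1 (RFC 6376 s. 6.1.1), so a
   hypothetical "weak" signature carrying any other version tag yields
   PERMFAIL (incompatible version) at existing verifiers rather than a pass.
   The v=2 value used below is an assumption for illustration, not a value
   taken from any specification or proposal.
2. The l= hazard: when l= limits the signed body length, octets appended after
   that point are not covered by bh=, so the body hash still matches.
"""
import base64
import hashlib
import re
from typing import Optional


def parse_tag_list(value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 6376 s. 3.2) into a dict.
    Whitespace (including folding whitespace) is stripped from values;
    duplicate tags are an error per the RFC."""
    tags = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = re.sub(r"\s+", "", val)
    return tags


def version_accepted(sig_header: str) -> bool:
    """True only if a v=1 verifier would proceed with this signature.
    Any other or missing version is PERMFAIL (RFC 6376 s. 6.1.1)."""
    return parse_tag_list(sig_header).get("v") == "1"


def simple_body_canon(body: bytes) -> bytes:
    """'simple' body canonicalization (RFC 6376 s. 3.4.3): drop trailing
    empty lines, then make sure the body ends in exactly one CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    if not body.endswith(b"\r\n"):
        body += b"\r\n"
    return body


def body_hash(body: bytes, length: Optional[int] = None) -> str:
    """bh= value for rsa-sha256: SHA-256 over the canonicalized body,
    truncated to l= octets when a body length limit is present
    (RFC 6376 s. 3.7)."""
    canon = simple_body_canon(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()


# Constructed sample data (not from the thread): the second body is the
# first with a paragraph appended downstream of the signer.
ORIGINAL_BODY = b"Please approve the attached invoice.\r\n"
APPENDED_BODY = ORIGINAL_BODY + b"\r\nP.S. Wire the funds to account 1234.\r\n"


def build_sig_header(version: str, extra: str = "") -> str:
    """Constructed DKIM-Signature field value for ORIGINAL_BODY. The b= value
    is a placeholder, since only tag parsing and bh= are exercised here."""
    return (f"v={version}; a=rsa-sha256; d=example.com; s=sel; "
            f"c=simple/simple; h=from:to:subject; {extra}"
            f"bh={body_hash(ORIGINAL_BODY)}; b=cGxhY2Vob2xkZXI=")


def l_tag_hides_appended_content() -> bool:
    """True when a signature whose l= equals the original canonical body
    length yields the same bh= for the original and the tampered body,
    while a signature without l= detects the change."""
    limit = len(simple_body_canon(ORIGINAL_BODY))
    limited_same = body_hash(ORIGINAL_BODY, limit) == body_hash(APPENDED_BODY, limit)
    full_differs = body_hash(ORIGINAL_BODY) != body_hash(APPENDED_BODY)
    return limited_same and full_differs


if __name__ == "__main__":
    print("v=1 signature accepted:", version_accepted(build_sig_header("1")))
    print("hypothetical v=2 'weak' signature accepted by a v=1 verifier:",
          version_accepted(build_sig_header("2")))
    print("l= leaves appended text unsigned:", l_tag_hides_appended_content())
```

The version check is what makes the content-agnostic approach backward compatible in the sense Murray describes: an unmodified verifier never reaches signature validation for the weak signature, it simply reports an incompatible version. The l= check shows the kind of gap the ietf-dkim group worked to close, and why a signature covering only part of the outbound content is treated with suspicion in the thread.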