On Sat, 19 Aug 2017, at 11:43, Murray S. Kucherawy wrote:
> On Thu, Aug 17, 2017 at 5:22 PM, Brandon Long <bl...@fiction.net> wrote:
>
>> We went down the path of including a diff of the message in the
>> headers, but you run up against more complicated changes that make
>> that challenging. I.e., mailing lists which strip attachments. If all
>> we cared about were subject munging and footers, there probably would
>> have been a practical solution there.
>
> I wrote a draft a while ago that would allow a DKIM-Signature to
> include an annotation indicating that the signing ADMD did one or more
> of a specific set of small but well-defined message changes (e.g., add
> a footer, add a Subject tag). Knowing what those are, a verifier
> could undo them and attempt validation of earlier signatures in the
> handling chain. Presumably if no other modifications were made, the
> original content is thus discoverable, and you could then produce a
> chain of custody of the actual content before you that makes sense.
>
> If that's worthy of consideration now I could certainly revivify it.

That seems really valuable to me. Being able to track the provenance on individual parts of the message payload is a much stronger way to determine who is at fault when bad content is being injected than just knowing some bits of the message handling chain.

Bron.

--
Bron Gondwana, CEO, FastMail Pty Ltd
br...@fastmailteam.com
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
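The undo-and-revalidate idea from the quoted message, as an added example that is not from the thread or from the draft it mentions. The `declared` annotation fields (`subject_tag`, `footer_len`) and the sample message are constructed assumptions, and only the body-hash (`bh=`) step of RFC 6376 verification with simple canonicalization is shown; the restored Subject would feed the header signature check, which needs the signer's key.

```python
import base64
import hashlib

def body_hash(body: bytes) -> str:
    """DKIM bh= value: RFC 6376 'simple' body canonicalization, then SHA-256."""
    while body.endswith(b"\r\n\r\n"):      # drop trailing empty lines
        body = body[:-2]
    if not body.endswith(b"\r\n"):         # empty or unterminated body gets one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def undo_declared_changes(subject: str, body: bytes, declared: dict):
    """Reverse the changes a later signer declared; None if they cannot apply."""
    tag = declared.get("subject_tag", "")      # hypothetical annotation field
    footer_len = declared.get("footer_len", 0)  # hypothetical annotation field
    if tag:
        if not subject.startswith(tag):
            return None
        subject = subject[len(tag):]
    if footer_len:
        if footer_len > len(body):
            return None
        body = body[:-footer_len]
    return subject, body

def original_body_hash_matches(subject, body, declared, original_bh):
    """Return (bh matches after undo, restored Subject or None)."""
    restored = undo_declared_changes(subject, body, declared)
    if restored is None:
        return False, None
    restored_subject, restored_body = restored
    return body_hash(restored_body) == original_bh, restored_subject

# Constructed sample: the author's message and what a list delivers.
ORIG_SUBJECT = "Quarterly report"
ORIG_BODY = b"Numbers attached.\r\n"
ORIG_BH = body_hash(ORIG_BODY)               # bh= in the author's signature
FOOTER = b"_______\r\ndmarc mailing list\r\n"
LIST_SUBJECT = "[dmarc] " + ORIG_SUBJECT
LIST_BODY = ORIG_BODY + FOOTER
DECLARED = {"subject_tag": "[dmarc] ", "footer_len": len(FOOTER)}

if __name__ == "__main__":
    print("as delivered:", body_hash(LIST_BODY) == ORIG_BH)
    print("after undo:  ", original_body_hash_matches(
        LIST_SUBJECT, LIST_BODY, DECLARED, ORIG_BH))
    tampered = LIST_BODY.replace(b"Numbers", b"Figures")  # undeclared change
    print("undeclared:  ", original_body_hash_matches(
        LIST_SUBJECT, tampered, DECLARED, ORIG_BH))
```

The undeclared edit leaves the original body hash unrecoverable, which is the "if no other modifications were made" condition in the quoted message.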