On Fri, Jun 19, 2020 at 5:09 PM John Levine <jo...@taugh.com> wrote: > >There's a chance that it is possible to specify a small range of > >modifications and arrange a style of signing that could survive them. > >So for originating and mediating sites that conform to that range, a > >'preserved' original authentication might be possible. > > > >However... > > > >I don't remember enough detail from the original dmarc discussions, so I > >don't remember how much of this was discussed, but I vaguely think it > >was covered. > > It definitely came up in DKIM. It rapidly became clear that there > are many things that lists do that have simple user semantics but > are hopeless to describe in terms of bytes in the message, e.g., > reordering or deleting MIME parts.
A number of drafts were floated, as I recall. I had a couple. In one case, I think it was a new DKIM signature tag. The idea was to place a small annotation on the message of some kind that effectively meant something like "MTA X asserts that it added '[foobar]' to the Subject: field". Another might be the usual "--" followed by a short signature added to a plain text (or maybe non-MIME) body. A validator could then try undoing that and repeating validation to see if the author signature then verified. At the time, the feedback was that this was too fragile to get right, but I don't think anyone ever looked at it in the 80-20 sense. I wish in hindsight I'd tried it anyway as an experiment, with maybe a couple of senders, receivers, and mailing lists as participants. -MSK _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc