On 8/29/20 12:42 PM, Douglas E. Foster wrote:
> To elaborate on my question and Michael Hammer's answer:
>
> To be unique, a signature needs a unique dataset from which the hash
> is computed. The weak signature will not be unique because it will
> be computed on non-random content such as From, To, and Date.

Unique != random. A time stamp (with enough precision) might be unique, even though it is not random. For that matter, DKIM signatures don't include any random values either.

But what I was getting at is that the "weak" signature might not have to be any different from any other DKIM signature (except possibly to specify the authorized mediator). It's just that a verifier might fully verify the mediator's signature, and verify the original signature but not check to see if the body hash matches.

The one problem is that some mediators add things like [dmarc-ietf] to the subject line, and that's usually signed.

-Jim
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
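The split between the header check and the body-hash check discussed in the message above, as an added Python example that is not part of the original post. Assumptions: comparing a SHA-256 digest of the signed data stands in for the RSA verification step, and the message, domain, selector, `h=` list and footer are constructed sample values.

```python
import base64, hashlib, re

SIGNED = ["from", "to", "date", "subject"]  # constructed h= list

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored
    return b"".join(ln + b"\r\n" for ln in lines)

def relaxed_header(name: str, value: str) -> bytes:
    """RFC 6376 'relaxed' header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")
    return f"{name.lower().strip()}:{value}\r\n".encode()

def body_hash(body: bytes) -> str:
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def header_digest(headers: dict, bh: str) -> str:
    """Hash of what the signature covers: the h= fields, then the
    DKIM-Signature field with b= empty (assumed stand-in for RSA verify)."""
    data = b"".join(relaxed_header(h, headers[h]) for h in SIGNED)
    sig = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel; "
           f"h={':'.join(SIGNED)}; bh={bh}; b=")
    data += relaxed_header("dkim-signature", sig)[:-2]  # no final CRLF
    return hashlib.sha256(data).hexdigest()

def sign(headers: dict, body: bytes) -> dict:
    bh = body_hash(body)
    return {"bh": bh, "digest": header_digest(headers, bh)}

def check(sig: dict, headers: dict, body: bytes) -> tuple:
    """Return (headers_ok, body_ok). The header check uses the bh= value
    carried in the signature, so it does not depend on the received body."""
    headers_ok = header_digest(headers, sig["bh"]) == sig["digest"]
    return headers_ok, body_hash(body) == sig["bh"]

# Constructed sample message and mediator changes
HEADERS = {"from": "Alice <alice@example.org>", "to": "list@example.net",
           "date": "Sat, 29 Aug 2020 12:00:00 -0700",
           "subject": "Weak signatures"}
BODY = b"Hello list,\r\n\r\nsome text.\r\n"
SIG = sign(HEADERS, BODY)
FOOTER = b"_______________\r\nlist mailing list\r\n"
TAGGED = dict(HEADERS, subject="[list] Weak signatures")
```

`check(SIG, HEADERS, BODY + FOOTER)` returns `(True, False)`: an appended footer breaks only the body hash. `check(SIG, TAGGED, BODY + FOOTER)` returns `(False, False)`, because the tagged Subject is part of the signed header data.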