On Thu, Nov 25, 2021 at 12:07 AM Wei Chuang <wei...@google.com> wrote:
> Sorry I wasn't too clear here. It's largely the same idea as the DKIM
> body length "l=" field above except reformulated for the Subject header
> and its mailing list mutations. The original sender would encode a length
> of the original subject say "s.l=<value>". A receiver would only hash the
> rightmost "s.l=<value>" length string when validating a Subject hash from
> the original sender. This assumes that mailing lists may prepend a string
> typically for identification.

Seems to me that means I could insert anything I want before the last N octets of Subject -- say, a URI pointing you to an ad or other unsavory content -- and the original signature will verify.

-MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
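The suffix-only Subject check discussed in this thread, as an added example that is not part of the original messages or of any DKIM implementation. The hash choice (base64 SHA-256), the function names and the sample subjects are assumptions, and canonicalization is omitted; the verifier returns the unsigned prefix so a receiver can see which octets the signature does not cover.

```python
from __future__ import annotations

import base64
import hashlib

# Constructed sample subjects (not taken from any real message).
ORIGINAL = "Quarterly report attached"
LIST_TAGGED = "[dmarc] " + ORIGINAL
PREFIXED = "See http://ads.example/offer - " + ORIGINAL


def subject_hash(octets: bytes) -> str:
    """Base64 SHA-256 of the given octets (hash choice is an assumption)."""
    return base64.b64encode(hashlib.sha256(octets).digest()).decode("ascii")


def sign_subject(subject: str) -> tuple[int, str]:
    """Original sender: record the subject length ("s.l") and its hash."""
    raw = subject.encode("utf-8")
    return len(raw), subject_hash(raw)


def verify_subject(subject: str, s_l: int, expected: str) -> tuple[bool, str]:
    """Receiver: hash only the rightmost s_l octets of the Subject.

    Returns (hash_matches, unsigned_prefix). Everything in unsigned_prefix
    is outside the hash and therefore unauthenticated.
    """
    raw = subject.encode("utf-8")
    if s_l < 0 or s_l > len(raw):
        return False, ""
    split = len(raw) - s_l
    prefix, suffix = raw[:split], raw[split:]
    return subject_hash(suffix) == expected, prefix.decode("utf-8", "replace")


if __name__ == "__main__":
    s_l, digest = sign_subject(ORIGINAL)
    for subject in (ORIGINAL, LIST_TAGGED, PREFIXED):
        ok, prefix = verify_subject(subject, s_l, digest)
        print(f"verified={ok} unsigned_prefix={prefix!r}")
```

The list tag and the arbitrary prefix both verify, so a receiver using such a scheme can only treat the rightmost s.l octets as authenticated.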