On 8/8/25 00:39, Phillip Tao wrote:
> So, I propose that unobtrusive signatures actually be built on the first
> part of that. Meaning, rather than wrapping the headers in a multipart
> mixed and signing that, attaching a header field that very closely
> mirrors the DKIM2 header field, and following the exact same mechanism
> to sign the body and selected headers.

See also the discussion we had during the past OpenPGP email summit:
https://www.openpgp.org/community/email-summit/2025/minutes/#cleartext-non-disturbing-signatures-in-headers-dkg

Here are two arguments that support inclusion of the end-to-end
signature in the body:

* the DKIM signature then also covers the e2e signature,
  so it cannot be stripped without being noticed

* added mailing list footers break a DKIM-style signature,
  however, if the footer is added as a wrapper around the body
  (additional MIME layer added), then the inner signed part
  can be clearly identified and could still be validated.

Kai
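
Added example, not part of the message above and not code from any DKIM or OpenPGP implementation: it contrasts a footer appended to the signed body with a footer added as an extra multipart/mixed layer, and checks whether the originally signed part can still be found byte for byte. Assumptions: a plain SHA-256 digest stands in for the hash a signature would cover (no canonicalization, no real signature), and all names and the sample message are constructed.

```python
import hashlib
from email import message_from_bytes

# Constructed sample: the MIME part the sender signed (headers + body, CRLF endings).
SIGNED_PART = (b"Content-Type: text/plain; charset=utf-8\r\n"
               b"\r\n"
               b"Hello list,\r\nthis text is covered by the sender's signature.\r\n")
FOOTER = b"_______________\r\nList footer (constructed)\r\n"

def digest(part: bytes) -> str:
    """Stand-in for the hash an end-to-end signature would cover."""
    return hashlib.sha256(part).hexdigest()

def append_footer_inline(part: bytes, footer: bytes) -> bytes:
    """List behaviour 1: footer appended to the signed body itself."""
    return part + footer

def wrap_with_footer(part: bytes, footer: bytes, boundary: bytes = b"list-wrap") -> bytes:
    """List behaviour 2: signed part kept intact inside a new multipart/mixed layer."""
    return (b'Content-Type: multipart/mixed; boundary="' + boundary + b'"\r\n\r\n'
            b"--" + boundary + b"\r\n" + part +
            b"\r\n--" + boundary + b"\r\n"
            b"Content-Type: text/plain\r\n\r\n" + footer +
            b"\r\n--" + boundary + b"--\r\n")

def child_parts(raw: bytes) -> list[bytes]:
    """Raw bytes of each child of a top-level multipart; [raw] if not multipart."""
    msg = message_from_bytes(raw)
    boundary = msg.get_boundary()
    if not msg.is_multipart() or boundary is None:
        return [raw]
    delim = b"\r\n--" + boundary.encode()          # the leading CRLF belongs to the delimiter
    body = b"\r\n" + raw.split(b"\r\n\r\n", 1)[1]  # so the first delimiter matches too
    parts = []
    for chunk in body.split(delim)[1:]:            # [0] is the preamble
        if chunk.startswith(b"--"):                # closing delimiter reached
            break
        parts.append(chunk.split(b"\r\n", 1)[1])   # drop the rest of the delimiter line
    return parts

def still_verifiable(raw: bytes, expected: str) -> bool:
    """True if some part of the received message still matches the signed digest."""
    return any(digest(p) == expected for p in child_parts(raw))
```

Splitting on the raw bytes rather than re-serializing parsed parts matters here: any re-folding or line-ending change by the parser would alter the digest even though the list left the part untouched.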