I agree with the below. There is already a means to determine what
header change broke the signature (assuming a signer is interested in
providing the necessary data) and assuming a verifier even cares.
--
Arvel
Paul Hoffman wrote:
What is being proposed above is that an additional signature be
generated and validated for every "important" header. That is a huge
waste of energy, and it will cause massive unnecessary resource usage,
particularly for recipients who don't care why a signature might not
have validated.
If the concern is "accidental" breakage, Michael's point is exactly right:
At 8:36 AM -0800 12/26/06, Michael Thomas wrote:
One can already do this by copying the relevant headers into the
signature
using z=. I already do this and it works just fine for mailing lists.
If the concern is "purposeful" breakage, encouraging signers to sign
messages covering only the From header and none of the body is
incredibly bad. Wayne is exactly right:
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
