On May 20, 2009, at 3:57 PM, Michael Thomas wrote:

> Steve Atkins wrote:
>> Remember that we're considering the content of the message as
>> displayed to the end user here,
>
> No we're not. That has never been in the scope of the DKIM effort.

Even if it weren't section 8.1 of the existing RFC, it's pretty obvious that a security issue that allows an attacker to create a validly signed email with their own content without access to the associated private key would be in scope for discussion.

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html