>> A) You have to sign either all occurrences of a header or none of them, ...
>>
>> B) Same as A, but limited to an enumerated set of headers that are
>> supposed to occur only once.
>>
>> C) Same as B, but tell signers to use the h= trick to make verification
>> fail if extra headers show up.

>Realistically useful advice probably has to influence rendering of
>messages. That might mean MUA participation or it might mean mailstore
>participation that removes all (typically) rendered headers that are
>unsigned.

Gosh, I hope not. I'd like DKIM to be sturdy enough that I can trust stuff signed by people I know and not have to backstop it by tricks elsewhere to defend against malicious changes that DKIM didn't notice.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
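
The "h= trick" from option C in the quoted text, as an added example that is not part of the original message or of any DKIM implementation: it selects header fields bottom-up as RFC 6376 section 5.4.2 describes and shows that naming From twice in h= makes a later-added From change the signed data. Assumptions: a SHA-256 digest of the selected fields stands in for the real signature, canonicalization is reduced to lowercasing names and stripping values, and the DKIM-Signature field and body hash are left out; the function names and sample messages are constructed for illustration.

```python
import hashlib

def select_headers(headers, h_list):
    """Pick fields the way RFC 6376 sec. 5.4.2 describes: each name in h=
    consumes the next unused instance counting from the bottom of the header
    block; a name with no instance left is a null input."""
    remaining = list(headers)              # (name, value) pairs, top to bottom
    selected = []
    for name in h_list:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                selected.append(remaining.pop(i))
                break
        else:
            selected.append(None)          # over-signed slot, nothing to hash
    return selected

def header_digest(headers, h_list):
    """Digest of the selected fields (simplified stand-in for the data a
    real signer would feed to its signature algorithm)."""
    h = hashlib.sha256()
    for field in select_headers(headers, h_list):
        if field is not None:
            h.update(f"{field[0].lower()}:{field[1].strip()}\r\n".encode())
    return h.hexdigest()

def survives(original, modified, h_list):
    """True if a signature made over `original` would still verify on `modified`."""
    return header_digest(original, h_list) == header_digest(modified, h_list)

# Constructed sample message as signed.
SIGNED = [("From", "alice@example.org"), ("Subject", "Lunch"), ("To", "bob@example.net")]
# Same message with a second From prepended after signing (constructed).
ALTERED = [("From", "mallory@example.com")] + SIGNED

def demo():
    return {
        "h=from:subject:to": survives(SIGNED, ALTERED, ["from", "subject", "to"]),
        "h=from:from:subject:to": survives(SIGNED, ALTERED, ["from", "from", "subject", "to"]),
    }

if __name__ == "__main__":
    for h_value, still_valid in demo().items():
        print(f"{h_value:24} verifies after extra From added: {still_valid}")
```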