On Wednesday, October 13, 2010 03:59:27 pm Jeff Macdonald wrote:
> On Wed, Oct 13, 2010 at 2:47 PM, Scott Kitterman <ietf-d...@kitterman.com> wrote:
> > On Wednesday, October 13, 2010 02:27:29 pm Jeff Macdonald wrote:
> >> And even if there was a DKIM signature, it is the BAD GUY'S signature,
> >> which should cause it to go into the SPAM folder, with a large
> >> phishing warning.
> > 
> > No.  That misses the point entirely.  The problem here is that one can
> > take a DKIM signed message that is signed by any entity and add
> > additional From/Subjects and the message may still appear to be the one
> > signed by the original entity even though it's been modified
> > post-signature.
> 
> Right. I had understood that and then forgot.
> 
> If DKIM is just viewed as providing an identifier and nothing more,
> then this is a MUA problem.
> 
> If DKIM is viewed as providing more than an identifier, then this is a
> DKIM problem.

The identifier only makes sense within a context.  For DKIM that context is the
signed content.  For the identifier to be meaningful, it has to be connected to
the actual content of the message; if not, the identifier could be arbitrarily
reused and would serve little purpose.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
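
The behaviour discussed in this message, as an added example that is not part of the original thread: a simplified Python model of how the `h=` list selects header field instances bottom-up (RFC 6376, section 5.4.2), showing that prepended From/Subject fields leave the signed data unchanged unless the signer lists those names one extra time. The function names, addresses and header values are constructed for illustration, and a SHA-256 digest stands in for the real signature.

```python
import hashlib
from collections import Counter

def signed_header_digest(headers, h_tag):
    """Digest of the header instances that the h= list covers.

    headers: (name, value) pairs, top to bottom as they appear in the message.
    Stand-in for the signed header hash; no real key or body hash is involved.
    """
    remaining = list(headers)
    digest = hashlib.sha256()
    for name in h_tag:
        # Each h= entry consumes the bottom-most instance not yet used.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                field, value = remaining.pop(i)
                digest.update(f"{field.lower()}:{value.strip()}\r\n".encode())
                break
        # No instance left: the entry contributes nothing (null string).
    return digest.hexdigest()

def uncovered_instances(headers, h_tag, watch=("from", "subject")):
    """Count instances of watched fields that no h= entry accounts for."""
    present = Counter(name.lower() for name, _ in headers)
    covered = Counter(name.lower() for name in h_tag)
    return {n: present[n] - covered[n] for n in watch if present[n] > covered[n]}

# Constructed sample message and a post-signature modification of it.
ORIGINAL = [("From", "billing@signer.example"),
            ("To", "user@rcpt.example"),
            ("Subject", "Your invoice")]
MODIFIED = [("From", "someone@other.example"),
            ("Subject", "Different subject")] + ORIGINAL

H_PLAIN = ["from", "to", "subject"]                          # one entry per field
H_OVERSIGNED = ["from", "from", "to", "subject", "subject"]  # extra entries

if __name__ == "__main__":
    for label, h in (("plain", H_PLAIN), ("oversigned", H_OVERSIGNED)):
        same = signed_header_digest(ORIGINAL, h) == signed_header_digest(MODIFIED, h)
        print(f"{label}: modified message still verifies = {same}")
    print("uncovered in modified message:", uncovered_instances(MODIFIED, H_PLAIN))
```

A verifier or MUA can use a check like `uncovered_instances` to refuse to attribute a message to the signing identifier when From or Subject instances exist that the signature does not cover.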
