> -----Original Message----- > From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] > On Behalf Of Mark Delany > Sent: Sunday, October 17, 2010 6:23 PM > To: ietf-dkim@mipassoc.org > Subject: Re: [ietf-dkim] Data integrity claims > > By DKIM process, I would include anything cognizant of DKIM upto but > not including the MUA. Mike's secret sauce would count here, eg.
Current implementations, especially the two library ones that are referenced most often in here, haven't the functionality to cause header fields to be removed, prefixed, reordered, modified, etc. This change would require them to be overhauled to extend their reach into what the MTA can do. That expansion of scope of "DKIM process" to me requires a recycle at Proposed Standard. > As others have said, there is nothing between DKIM and the MUA that > prevent DKIM exploitation so who is going to solve that problem if not > us? There's nothing between an MTA and an MUA that prevents this attack in the non-DKIM case at all. Whose place is it to fix that? I can't get my head around how that case is irrelevant here. This is not a new problem, but somehow we're being called upon to deal with it. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html