On 31 Mar 2011, at 03:16, Franck Martin wrote:

> Silly question (?):
>
> Knowing that many mailing lists add [topic] at the beginning of the Subject
> line, what if DKIM was set to ignore that part when signing/verifying?

That's an implementation issue for verifiers, isn't it? If an RFC were to say anything at all, it might say that mailing lists will often break header signatures by prefixing the subject line.

If a verifier finds a [] prefix and broken signature, it might like to try verifying a signature formed without that part of the subject line. It might also want to limit the number of characters in the prefix. And, it might like to keep track of prefixes used with specific List-ID headers, to spot attempts to abuse this flexibility.

I suppose some guidance as to what might be acceptable in the prefix might be warranted. You could, for example, restrict it to substrings of the (also signed) List-ID header. That would severely limit replay attacks.

Anyway, the list should be signing messages after adding subject line prefixes, and after adding body footers. It's the list's signature, and the list's reputation that need to be assessed by the recipient. There are many other modifications that a list might make (like stripping attachments, body prefixes, and so on) that would make l= useless.

> Would it help to solve the problem of broken signature thru mailing lists?
>
> I realize the issue would be to also detect the add footer, but if I recall
> you can specify in dkim to sign only a certain length of the body and not the
> whole body.
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html

--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
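
The verifier-side retry described in the reply above, as an added example that is not part of the original message or of any DKIM implementation. The 32-character cap, the `verify` hook, the result strings and the sample List-ID are assumptions made for illustration.

```python
import re
from collections import defaultdict

MAX_PREFIX_LEN = 32                       # assumed cap; the message names no number
PREFIX_RE = re.compile(r"^\[([^\[\]]+)\]\s*")
seen_tags = defaultdict(set)              # List-ID -> tags accepted so far

def strip_list_prefix(subject, list_id):
    """Return (tag, subject without the tag), or None if the tag is not acceptable."""
    m = PREFIX_RE.match(subject)
    if not m:
        return None
    tag = m.group(1)
    if len(tag) > MAX_PREFIX_LEN:
        return None
    # Accept only a tag that is a substring of the List-ID header.
    if tag.lower() not in list_id.lower():
        return None
    return tag, subject[m.end():]

def verify_with_retry(headers, verify):
    """verify(headers) -> bool stands in for the real DKIM check (hypothetical hook)."""
    if verify(headers):
        return "pass"
    list_id = headers.get("List-ID", "")
    found = strip_list_prefix(headers.get("Subject", ""), list_id) if list_id else None
    if found is None:
        return "fail"
    tag, stripped = found
    # Second attempt: same message, Subject as it would have been before the list.
    if not verify({**headers, "Subject": stripped}):
        return "fail"
    # Track tags per list; a different tag on a known list is worth flagging.
    changed = bool(seen_tags[list_id]) and tag not in seen_tags[list_id]
    seen_tags[list_id].add(tag)
    return "pass-stripped-new-tag" if changed else "pass-stripped"

# Constructed sample: the author signed "Hello world"; the list prepended a tag.
def fake_verify(headers):
    return headers["Subject"] == "Hello world"

SAMPLE = {"List-ID": "DKIM discussion <ietf-dkim.example.org>",
          "Subject": "[ietf-dkim] Hello world"}
```
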