On May 30, 2011, at 3:23 PM, Murray S. Kucherawy wrote: >> -----Original Message----- >> From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] >> On Behalf Of Steve Atkins >> Sent: Monday, May 30, 2011 9:14 AM >> To: DKIM List >> Subject: Re: [ietf-dkim] New canonicalizations >> >> The most obvious thing that MLMs do that invalidate signatures are 1. >> append content to the body and 2. prepend content to the subject line. >> Any approach that allows me to replay messages while making those >> changes seems to open the door to abuse. > > Agree on all counts. And I talked to the Mailman people, for example, about > a modified header canonicalization that deals with Subject: tagging, and they > also agreed it wouldn't help that much since that's not the most common > change made that would invalidate the signatures.
Yup, that too. > So as far as I can tell, we're at a point where lots of people think they > want MLM survivability of signatures, Maybe. If you can't name ten, there aren't lots. > or at least the chain-of-trust capability, but no proof that the increased > risk is worth the increased gain. Chain of trust is a somewhat different thing, and could likely be implemented with little, if any, increased risk in the case where the MLM is trusted (for some meaning of the word that probably boils down to manual whitelist or positive reputation of the MLM operator) by the recipient. The MLM signing the re-sent message, including an A-R header or some slight variant, is the obvious way. I don't think there's much gain to be had there, but it can be done with little effort and little risk. Cheers, Steve _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
