On 31/May/11 00:23, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: On Behalf Of Steve Atkins
>>
>> The most obvious thing that MLMs do that invalidate signatures are 1.
>> append content to the body and 2. prepend content to the subject line.
>> Any approach that allows me to replay messages while making those
>> changes seems to open the door to abuse.

While that's true for MLM, I'm not sure it correctly reflects MTAs' behaviors. In particular, the X-MIME-AUTOCONVERT feature and whatever may cause MIME rewriting. This is MTA-specific, and affects MLMs as well as dot-forwards. Pareto has been discussed enough, so I don't comment on the fact that such a minor part of the traffic would demand complicated and expensive implementations to go through correctly.

> Agree on all counts. And I talked to the Mailman people, for
> example, about a modified header canonicalization that deals with
> Subject: tagging, and they also agreed it wouldn't help that much
> since that's not the most common change made that would invalidate
> the signatures.

Yeah, reply messages have subject-tags already in place. If MLM subscriptions were known at submission time, tag addition before signing could be easily done by MSAs, MUAs, or manually by users.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
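
The two MLM changes discussed in this message (a body footer and a Subject: tag), run through DKIM "relaxed" canonicalization as an added example that is not part of the thread or of any DKIM implementation. It also shows the trade-off raised in the quoted text: hashing only the signed prefix of the body (what the `l=` tag does) tolerates the footer, and equally anything else appended. The sample message, list tag and footer are constructed.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4: 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":      # drop empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, length=None) -> str:
    """Value of bh=; 'length' hashes only a prefix, as the l= tag does."""
    canon = relaxed_body(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 section 3.4.2: 'relaxed' header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)          # unfold
    value = re.sub(r"[ \t]+", " ", value).strip(" ")
    return f"{name.strip().lower()}:{value}\r\n"

def compare(signed_subject, signed_body, seen_subject, seen_body):
    """Which signed inputs still match what the verifier receives."""
    signed_len = len(relaxed_body(signed_body))
    signed_bh = body_hash(signed_body)
    return {
        "subject": relaxed_header("Subject", signed_subject)
                   == relaxed_header("Subject", seen_subject),
        "body": signed_bh == body_hash(seen_body),
        # Prefix-only hashing accepts the list footer, and equally any
        # other content appended after the signed octets.
        "body_prefix": signed_bh == body_hash(seen_body, signed_len),
    }

# Constructed sample message, list tag and footer (assumptions).
SUBJECT = "Re:  signature survival"
BODY = b"I agree with the proposal.\r\n\r\n"
TAG = "[example-list] "
FOOTER = b"_______________\r\nexample-list mailing list\r\n"

if __name__ == "__main__":
    print("whitespace only:", compare(SUBJECT, BODY, SUBJECT + "  ",
                                      b"I agree  with the proposal. \r\n"))
    print("after MLM:      ", compare(SUBJECT, BODY, TAG + SUBJECT, BODY + FOOTER))
```

Whitespace-only rewriting passes all three checks, while the list's tag and footer fail the subject and full-body comparisons and pass only the prefix comparison.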
