On 10/17/2017 04:28 PM, Dimitri Maziuk wrote:
Why? If this message doesn't match its signature, then it has been
altered in transit for sure. If were not signed, like when I post from
home (because I can't be arsed to set gpg up on winderz), then there's
no telling if it was or wasn't. One of those things is quite a bit not
like the other.
If I understand your question correctly....
DKIM is meant to cryptographically prove that a message is unaltered (*).
I think that DKIM is avoiding the possibility that a message could be
incidentally modified in transit, i.e. encoding conversion, thus not
maliciously modified. As such, DKIM does not penalize for broken
signatures. Instead, DKIM rewards valid signatures.
I know it's a small nuanced distinction, but it is there.
* ROPEMAKER further complicates this throwing lots of wrenches in the works.
--
Grant. . . .
unix || die
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
