On 11/21/2017 10:39 AM, Andrew Sullivan wrote:
On Mon, Nov 20, 2017 at 02:46:08PM -0800, Steve Atkins wrote:
That's poor practice, for several reasons - replay attacks with added content
and it being an extremely rare practice that's likely to trigger bugs in DKIM
validation are two. The latter is the much bigger deal.
It also doesn't help much for most MIME encoded mail (including base64
encoded plain text, like the mail I'm replying to).
Pretending those paragraphs aren't there is the right thing to do.
Yes. Also the DMARC and forthcoming ARC mechanisms -- super important
for people behind gmail and yahoo and so on -- make that feature not
really work, AFAICT. I think that part of DKIM is busted, and the
authors of it I've talked to seem to agree.
it seems to *ME* like a simpler solution to the original problem would have been to simply STRIP any DKIM out of the original messages, and continue to munge headers and footers like mail list reflectors have been doing for decades.
--
john r pierce, recycling bits in santa cruz
