[Mailman-Developers] MIME footers

Stephen J. Turnbull stephen at xemacs.org
Sun Mar 1 14:43:22 CET 2015


Mark Sapiro writes:

 > The second problem is what good is even a valid DKIM sig of only a
 > subset of the parts of a message? I.e., if I can take a valid DKIM
 > signed message and add my own MIME part(s) without any cooperation
 > from the original signer, what is the meaning of the sig in this
 > case?

Note that this already has precedent in that not all header fields
need to be signed, and in that DKIM already provides a (mostly unused)
content-length parameter that would allow adding arbitrary material as
a footer (I do mean arbitrary; most MUAs still understand uuencode).

It means that a paranoid MUA won't display the unsigned content at
all, and a cautious MUA will take actions like disabling links,
displaying with a warning theme, or even presenting those parts as
buttons accompanied by warning messages so that the user would have to
explicitly request display.

In the end, the semantics of signed or unsigned content are up to the
receiver, but I think the above ideas are pretty obvious ways to treat
such messages.
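
An added example (not part of the original message, and not code from Mailman or any MUA): a receiver-side check that splits a body at the DKIM `l=` count into the part covered by the body hash and the unsigned tail that an MUA could hide or flag. The function names and the sample message are constructed for illustration; it assumes a `-sha256` signature algorithm and does not verify the `b=` signature itself.

```python
import base64, hashlib, re

def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict (folding removed)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)
    pairs = (item.split("=", 1) for item in unfolded.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}

def canonicalize_body(body, mode):
    """'simple' or 'relaxed' body canonicalization (RFC 6376, 3.4.3 and 3.4.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of whitespace and drop whitespace at end of line.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore trailing empty lines
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"".join(ln + b"\r\n" for ln in lines)

def split_signed_unsigned(header_value, body):
    """Return (body_hash_ok, signed_part, unsigned_tail) for one signature."""
    tags = parse_dkim_tags(header_value)
    # c= is "header/body"; a missing body algorithm defaults to "simple".
    _, _, body_mode = tags.get("c", "simple/simple").partition("/")
    canon = canonicalize_body(body, body_mode or "simple")
    # l= counts octets of the canonicalized body; without it, all is signed.
    length = int(tags["l"]) if "l" in tags else len(canon)
    if length > len(canon):
        raise ValueError("l= is larger than the canonicalized body")
    signed, tail = canon[:length], canon[length:]
    digest = base64.b64encode(hashlib.sha256(signed).digest()).decode()
    return digest == re.sub(r"\s+", "", tags.get("bh", "")), signed, tail

# Constructed sample: the signer covered 13 octets, then a footer was appended.
ORIGINAL = b"Hello list.\r\n"
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=sel;\r\n"
              "\tl=%d; h=from:subject; bh=%s; b=PLACEHOLDER"
              % (len(ORIGINAL),
                 base64.b64encode(hashlib.sha256(ORIGINAL).digest()).decode()))
SAMPLE_BODY = ORIGINAL + b"-- \r\nList footer added in transit\r\n"

if __name__ == "__main__":
    ok, signed, tail = split_signed_unsigned(SAMPLE_SIG, SAMPLE_BODY)
    print("body hash ok:", ok)
    print("signed part:", signed)
    print("unsigned tail (hide or flag):", tail)
```

The body hash still matches with the footer in place, which is why the decision about the unsigned tail falls to the receiver.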


