On Mon, Nov 20, 2017 at 02:46:08PM -0800, Steve Atkins wrote:
> That's poor practice, for several reasons - replay attacks with added content
> and it being an extremely rare practice that's likely to trigger bugs in DKIM
> validation are two. The latter is the much bigger deal.
>
> It also doesn't help much for most MIME encoded mail (including base64
> encoded plain text, like the mail I'm replying to).
>
> Pretending those paragraphs aren't there is the right thing to do.

Yes. Also the DMARC and forthcoming ARC mechanisms -- super important
for people behind gmail and yahoo and so on -- make that feature not
really work, AFAICT. I think that part of DKIM is busted, and the
authors of it I've talked to seem to agree.

A

--
Andrew Sullivan
ajs@crankycanuck.ca