Re: [Exim] Yahoo DomainKeys...

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] Yahoo DomainKeys...
On Wed, 2004-05-19 at 10:58 +0100, Matthew Byng-Maddick wrote:
> On Tue, May 18, 2004 at 08:18:34PM -0400, Dean Brooks wrote:
> > Anyone see any merit in this and have any ideas on how this could
> > be plugged into Exim if it ends up going anywhere?
>
> As far as I'm concerned, http://antispam.yahoo.com/domainkeys#a12 is a
> show-stopper.


It's mostly fixable. You give not only a signature, but also the number
of lines in what you signed, a cheap rolling checksum of the same. So
it's nice and easy to start with the first N lines and roll your
checksum forward through the mail until you have a set of N lines which
match the cheap checksum, then check the proper signature.

Then you can easily find the lines within the mail which were actually
signed by the sender. Allow multiple signatures on the same mail (From:,
Sender:, Resent-Sender: and all..) and let the MUA worry about how many
'unsigned' lines we should allow, or if they should be displayed in a
different colour, etc.

--
dwmw2