by Alex3917 3053 days ago
> if there are unforgeable signatures on some of the content (e.g. DKIM signatures from third parties on incoming emails)

FWIW, in many cases content can be changed even if signed with DKIM without breaking the signature.

http://noxxi.de/research/breaking-dkim-on-purpose-and-by-cha...

I think email clients should be rethinking how they communicate to users whether or not an email is signed, e.g. if the headers haven't been oversigned and/or the full body hasn't been signed then it may be better to just show the message as having been not signed at all.
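The display rule suggested in the comment above, as an added example that is not part of the original comment: a client-side check that reports when a DKIM signature uses a body length limit (`l=`) or does not oversign display-relevant headers. The header list in `CRITICAL`, the function names and the sample messages are assumptions made for illustration; the check inspects coverage only and does not verify the signature.

```python
import email
from email import policy

# Headers a mail client displays; which ones to require is an assumption here.
CRITICAL = ("from", "to", "subject", "date")

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())  # drop folding whitespace
    return tags

def signature_coverage(raw_message):
    """Return a list of coverage gaps; an empty list means full coverage."""
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    sig = msg.get("DKIM-Signature")  # first signature only, for brevity
    if sig is None:
        return ["no DKIM-Signature header"]
    tags = parse_tags(sig)
    gaps = []
    if "l" in tags:
        # l= limits the body hash to a prefix; appended content stays "valid".
        gaps.append("l=%s: body signed only up to that length" % tags["l"])
    signed = [h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()]
    for name in CRITICAL:
        present = len(msg.get_all(name, []))
        listed = signed.count(name)
        # Oversigned means h= names the header once more than it occurs,
        # so adding another copy of that header breaks the signature.
        if listed <= present:
            gaps.append("%s not oversigned (h= lists it %d, message has %d)"
                        % (name, listed, present))
    return gaps

# Constructed sample messages; bh= and b= are placeholders, not real values.
SAMPLE_HEADERS = (b"From: a@example.com\r\nTo: b@example.org\r\nSubject: hi\r\n"
                  b"Date: Mon, 1 Jan 2018 00:00:00 +0000\r\n\r\nbody\r\n")
WEAK = (b"DKIM-Signature: v=1; d=example.com; s=sel; l=4;\r\n"
        b" h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\r\n") + SAMPLE_HEADERS
STRONG = (b"DKIM-Signature: v=1; d=example.com; s=sel;\r\n"
          b" h=from:from:to:to:subject:subject:date:date;"
          b" bh=PLACEHOLDER; b=PLACEHOLDER\r\n") + SAMPLE_HEADERS
```

A client following the comment's suggestion would show the message as signed only when `signature_coverage` returns an empty list and the signature itself verifies.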