Paul Hoffman wrote:
At 10:59 PM +0100 4/4/06, Stephen Farrell wrote:
If no-one wants to insist on signatures having to be sequential,
then this could be fairly easy!
Signatures have to be sequential if you sign them, given our current
rules for signing and verifying h=.
Then I'm confused. Someone want to help me out?
I was under the impression out latest proposal was that you didn't
have to, but could choose to, include (other) DKIM-Signature fields
in h= and that if you do so choose (i.e. you want sequential sigs)
that's fine, the verifier will do the right thing (if there's no
re-ordering), so inside h= DKIM-Signature is handled just like
Received. OTOH if you just want parallel sigs, you simply omit
DKIM-Signature from the h= and only bytes from this DKIM-Signature
will be input to hashing.
> The question is whether or not we
care about the cases where multiple signed headers get reordered, thus
breaking the signature.
Haven't heard much if any demand.
NOTE WELL: This list operates according to