On 3/3/2010 10:32 PM, Eliot Lear wrote:
Certainly. In a nut shell, the problem is at the implementation end
between the MUA and the signer. The common signers out there will only
do so for certain domains, and they will generally only do so, based on
the From: line. Here is where the confusion sets in. If an MUA sees an
address, such as the following:
Confusion, indeed. In what way is the From: line relevant to DKIM, other than
being part of the header field hash?
I believe we are not in any way implying any changes to the hashing algorithm,
since DKIM does not do field-specific processing. (For example, it cannot know
all of the possible address header fields.)
From: Eliot Lear =?iso-8859-1?Q?<lear(_at_)klapsm=FChle(_dot_)ch>?=
When the signer sees this, it could upgrade to get klapsmühle.ch, and
then check the punycode version of that. Things get more confused in
EAI, because there 8-bit MIME floating around. If you sign 8-bit MIME
and a downgrade occurs, the game is over, and the signature is invalidated.
Ahh, well, the DKIM specification does not provide text that guides selection
the d= value.
So, yes, the signer might have differential signing practices based on the
field, but that's outside the scope of the specification.
What am I missing?
NOTE WELL: This list operates according to