On 04/06/2011 12:34 PM, Steve Atkins wrote:
On Apr 6, 2011, at 11:05 AM, Michael Thomas wrote:
The alternative would be very squirrelly when you think
of the general case of multiple signers in the path.
The approach I suggest has no problems with multiple
signers even if they, for some reason, all want to add
Yes it does. In your example, a second signer who isn't
privy to whether it knows the birth date could either sign
it because it wants to keep transport integrity, or not
sign it because it doesn't actually know the veracity of
the X-Birthdate: header. The receiver is then left trying
to figure out who is asserting what, most likely by putting
new rules/requirements on the DKIM signer.
Messy and error prone. At least if you put it into the signature
header you know for certain what the signer's intention is.
NOTE WELL: This list operates according to