Re: [ietf-822] DKIM differs from "--" first in lines to indicate start of signature

2016-01-05 10:57:16
On 01/05/2016 05:29 AM, Alessandro Vesely wrote:

> DKIM differs in that its signatures live in the header -- with the obvious
> disadvantage of requiring two passes.  Drafts which inspired DKIM, [DK] and
> [IIM], provide for storing signatures in the header too.
>
> Out of curiosity, does anyone recall how this design decision came?

DKIM, DK, and IIM signatures are all intended to be applied and verified
by the infrastructure, not by end users. If the signatures were added to
the body, many users would call their email providers and ask, "What's
this junk in my message?" The cost of fielding those calls alone would
be a significant barrier to deployment. Putting the signatures in the
header makes them invisible to end users who don't ask to see the
header, so it provides the right answer to the visibility problem.

The signatures are of a constrained size, so why not just store a copy
of the signature header field and do the verification at the end of the
message receipt rather than make another pass for verification? I agree,
though, that adding an Authentication-Results or similar header field
would require another pass.
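The single-pass idea in the reply above, sketched as an added example that is not part of the original message: the header is buffered as it arrives, the body is hashed line by line, and the result is compared with the `bh=` tag at end of data. It assumes sha256 with "simple" body canonicalization and no `l=` tag, and it checks only the body hash, not the `b=` signature; the class and function names are illustrative.

```python
import base64
import hashlib
import re

class OnePassBodyHash:
    """Checks DKIM bh= as lines arrive (assumes sha256, simple body canonicalization)."""
    def __init__(self):
        self.in_header = True
        self.header = []          # the header is small, so keeping a copy is cheap
        self.hasher = hashlib.sha256()
        self.pending_empty = 0    # empty lines are held back until more body follows
        self.hashed_any = False

    def feed(self, line: bytes) -> None:
        # One CRLF-terminated line, in the order it is received.
        if self.in_header:
            if line == b"\r\n":
                self.in_header = False   # blank line: the body starts next
            else:
                self.header.append(line)
        elif line == b"\r\n":
            self.pending_empty += 1
        else:
            self.hasher.update(b"\r\n" * self.pending_empty + line)
            self.pending_empty = 0
            self.hashed_any = True

    def claimed_bh(self):
        # Unfold the header, then take bh= from the first DKIM-Signature field.
        unfolded = re.sub(rb"\r\n(?=[ \t])", b"", b"".join(self.header))
        for field in unfolded.split(b"\r\n"):
            name, _, value = field.partition(b":")
            if name.strip().lower() == b"dkim-signature":
                for tag in value.split(b";"):
                    key, _, val = tag.partition(b"=")
                    if key.strip() == b"bh":
                        return re.sub(rb"\s+", b"", val)
        return None

    def finish(self) -> bool:
        if not self.hashed_any:
            self.hasher.update(b"\r\n")  # an empty body canonicalizes to one CRLF
        return base64.b64encode(self.hasher.digest()) == self.claimed_bh()

def verify_stream(raw: bytes) -> bool:
    checker = OnePassBodyHash()
    for line in raw.splitlines(keepends=True):   # stands in for lines off the wire
        checker.feed(line)
    return checker.finish()
```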


