ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-17 11:09:44
On August 17, 2005 at 07:52, Michael Thomas wrote:

> > Which header do I use for verification if multiple DKIM-Signature
> > fields are present?  Do I assume that it is the next one below
> > me, hoping no re-ordering has been done?
>
> Why should order matter? Even if, say, the domain that
> asserts the corresponding From address were out of order...
> so what? What I do is look for the first signature that
> asserts the From address successfully, and I'm done.

How do you look for the first signature that matters?  If the first
(however you decide to examine the message headers -- top-to-bottom,
bottom-to-top, random?)  DKIM-Signature lists another DKIM-Signature
as the list of fields included in the signature, which DKIM-Signature
field should be included during the crypto verification process?
Note, in your usage model, the first DKIM-Signature checked may not
be the "first" that successfully asserts the From.

If all you are looking for is the "first" signature that asserts
the From, then what value do the other signatures provide?

Also, there appears to be value in having signatures bound to
something else besides From (like trace signatures).  Is such usage
outside of the scope of DKIM?

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org