I thought I have read somewhere a few months back that the default list of
signing headers is all headers, but I don't seem to find this reading.
Maybe I just assumed it.
If not, this might be a separate valid point or DKIM question to be
discussed.
- Default h= header fields.
In section 3.5, "The DKIM-Signature header field", it describes h= tag is
required, but it doesn't say is there is default list of header.
Maybe it is implied that all headers are signed if h= is empty?
Maybe it is implied that it is the basic headers:
h=from:to:subject:date;
Can it be empty?
DKIM-SIGNATURE: ......
h=;
This might be a candidate for a threat investigation.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org