Any input regarding this?
Are the specs clear about this?
z= Copied header fields (plain-text, but see description; OPTIONAL,
default is null). A vertical-bar-separated list of header field
names and copies of header field values that identify the header
fields presented to the signing algorithm. The field MUST
contain the complete list of header fields in the order presented
to the signing algorithm. Copied header field values MUST
immediately follow the header field name with a colon separator
(no white space permitted).
Verifiers MUST NOT use the copied header field values for
verification should they be present in the h= field. Copied
header field values are for forensic use only.
The two paragraphs seem to be in conflict.
Some messages here have exactly what I described below:
h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;
z=From:aaaaaaaa|Subject:bbbbbbbb|To:ccccccccccccc;
Based on this, what are the header values to be verified? If Z is for
"forensic" only, then why is TO: listed when in fact, it is now part of h=?
When I first read this, it seems Z headers match the H headers but contain
the values used for hashing.
---
Hector
----- Original Message -----
From: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
To: "IETF-DKIM" <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Thursday, February 23, 2006 1:01 AM
Subject: [ietf-dkim] signature h= and z= tags
I need clarification with the DKIM-Signature: tags:
h=
z=
1) Can z= include headers that are not listed in h= and vice versa?
For example, a signature has:
h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;
and
z=From:aaaaaaaa|Subject:bbbbbbbb|To:ccccccccccccc;
the To: subject is included in z= but not listed in h=
2) If z= is defined, and h= has headers not listed in z=, but exist in the
822 headers, what do you do here for validating the hashing?
For example, Content-type:, Content-Transfer-Encoding:, and MIME-Version:
are in h= but not in z= but the three headers do exist in the email
headers.
3) Why so complex?
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
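
Added illustration, not part of the original message or of the DKIM draft: a Python sketch of the handling the quoted draft text calls for, where the values to hash are taken from the received message by h= name and the z= copies are only compared afterwards for forensics. The function names and the received header values are constructed for the example, and z= values are treated as plain text with no decoding.

```python
# Tag values are the sample ones from the post above.
SIG_TAGS = {
    "h": "Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version",
    "z": "From:aaaaaaaa|Subject:bbbbbbbb|To:ccccccccccccc",
}
# Constructed received message: Subject was rewritten in transit.
MESSAGE_HEADERS = {
    "content-type": "text/plain",
    "from": "aaaaaaaa",
    "subject": "[list] bbbbbbbb",
    "to": "ccccccccccccc",
    "content-transfer-encoding": "7bit",
    "mime-version": "1.0",
}

def parse_h(value):
    """h= is a colon-separated list of header field names."""
    return [n.strip().lower() for n in value.split(":") if n.strip()]

def parse_z(value):
    """z= is a vertical-bar-separated list of name:value copies."""
    copies = {}
    for item in value.split("|"):
        name, sep, copied = item.partition(":")
        if sep:  # skip items without a colon separator
            copies[name.strip().lower()] = copied
    return copies

def headers_to_hash(tags, message):
    """Values fed to the hash come from the message, selected by h= only."""
    return [(n, message[n]) for n in parse_h(tags["h"]) if n in message]

def forensic_report(tags, message):
    """Diagnostics only: the result never feeds back into verification."""
    signed, copies = set(parse_h(tags["h"])), parse_z(tags["z"])
    return {
        "in_z_not_h": sorted(set(copies) - signed),
        "in_h_not_z": sorted(signed - set(copies)),
        "changed_since_signing": sorted(
            n for n, v in copies.items() if n in message and message[n] != v
        ),
    }
```
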