ietf-dkim

Re: [ietf-dkim] signature h= and z= tags

2006-02-24 21:54:15
Any input regarding this?

Are the specs clear about this?

   z=   Copied header fields (plain-text, but see description; OPTIONAL,
       default is null).  A vertical-bar-separated list of header field
       names and copies of header field values that identify the header
       fields presented to the signing algorithm.  The field MUST
       contain the complete list of header fields in the order presented
       to the signing algorithm.  Copied header field values MUST
       immediately follow the header field name with a colon separator
       (no white space permitted).

       Verifiers MUST NOT use the copied header field values for
       verification should they be present in the h= field.  Copied
       header field values are for forensic use only.

The two paragraphs seem to be in conflict.

Some messages here have exactly what I described below:

   h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;
   z=From:aaaaaaaa|Subject:bbbbbbbb|To:ccccccccccccc;

Based on this, what are the header values to be verified? If Z is for
"forensic" only, then why is TO: listed when in fact, it is now part of h=?

When I first read this, it seems Z headers match the H headers but contain
the values used for hashing.

---
Hector




----- Original Message -----
From: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
To: "IETF-DKIM" <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Thursday, February 23, 2006 1:01 AM
Subject: [ietf-dkim] signature h= and z= tags


I need clarification with the DKIM-Signature: tags:

    h=
    z=

1) Can z= include headers that are not listed in h= and vice versa?

For example, a signature has:

   h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version;

and

   z=From:aaaaaaaa|Subject:bbbbbbbb|To:ccccccccccccc;

The To: subject is included in z= but not listed in h=.

2) If z= is defined, and h= has headers not listed in z=, but exist in the
822 headers, what do you do here for validating the hashing?

For example, Content-type:, Content-Transfer-Encoding:, and MIME-Version:
are in h= but not in z=, but the three headers do exist in the email
headers.

3) Why so complex?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com








_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
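
Added example, not part of the original posts or of the DKIM draft: a Python sketch of the reading the quoted text supports, where the hash input is chosen by the names in h= with values taken from the received message, and z= is only compared afterwards for diagnostics. The received header block is constructed, z= values are not decoded, and picking the last unused instance of each header name is an assumption of this sketch.

```python
# Constructed sample values: the h= and z= strings mirror the ones in the thread.
H_TAG = "Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version"
Z_TAG = "From:aaaaaaaa|Subject:bbbbbbbb|To:ccccccccccccc"
# Constructed header block as received; Subject was altered after signing.
MESSAGE = [
    ("From", "aaaaaaaa"),
    ("To", "ccccccccccccc"),
    ("Subject", "bbbbbbbb [list-tag]"),
    ("MIME-Version", "1.0"),
    ("Content-Type", "text/plain"),
    ("Content-Transfer-Encoding", "7bit"),
]

def parse_h(h):
    """h= is a colon-separated list of header field names."""
    return [n.strip() for n in h.split(":") if n.strip()]

def parse_z(z):
    """z= is a '|'-separated list of name:value copies (values left undecoded)."""
    copies = []
    for item in z.split("|"):
        name, _, value = item.partition(":")
        copies.append((name.strip(), value))
    return copies

def headers_to_hash(h, message):
    """Select the hash input from the received message by h= only; z= is never read."""
    remaining = list(message)
    selected = []
    for name in parse_h(h):
        # Assumption: use the last unused instance of each name (bottom-up).
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == name.lower():
                selected.append(remaining.pop(i))
                break
    return selected

def forensic_report(h, z, message):
    """Diagnostics only: compare z= copies with h= and with the received values."""
    signed = {n.lower() for n in parse_h(h)}
    copied = {n.lower(): v for n, v in parse_z(z)}
    live = {n.lower(): v for n, v in message}
    return {
        "in_z_not_h": sorted(set(copied) - signed),
        "in_h_not_z": sorted(signed - set(copied)),
        "changed_since_signing": sorted(
            n for n, v in copied.items() if n in live and live[n] != v),
    }
```

A mismatch reported under `changed_since_signing` explains why a signature fails; it does not change which values are hashed.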


