At 11:28 PM +0100 4/4/06, Stephen Farrell wrote:
Paul Hoffman wrote:
At 10:59 PM +0100 4/4/06, Stephen Farrell wrote:
If no-one wants to insist on signatures having to be sequential,
then this could be fairly easy!
Signatures have to be sequential if you sign them, given our
current rules for signing and verifying h=.
Then I'm confused. Someone want to help me out?
I was under the impression out latest proposal was that you didn't
have to, but could choose to, include (other) DKIM-Signature fields
in h= and that if you do so choose (i.e. you want sequential sigs)
that's fine, the verifier will do the right thing (if there's no
re-ordering), so inside h= DKIM-Signature is handled just like
Received.
Yup.
OTOH if you just want parallel sigs, you simply omit
DKIM-Signature from the h= and only bytes from this DKIM-Signature
will be input to hashing.
Some signers will want to sign parallel signatures for a variety of
reasons, one of which is that they want to avoid the bid-down attack
(despite the fact that we on this list agree it is not important).
They do their first signature as normal, then they do their second
signature, adding a "DKIM-Signature" to the h= list. This is
optional, of course.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html