ietf-dkim

Re: [ietf-dkim] z= question with X headers

2006-04-28 14:28:57
I agree. I highlighted the ambiguity for the issues list.

But I wanted to point out even without multiple signatures, what to do when
a header is missing or changed.

I believe what came out of the little discussions was that in the end, it
(z=) is totally useless information for verifiers. It is purely for signer
diagnostics.

I can see an implementer going the extra mile trying to find out "why" a
hashing failure occurred.  It might do a header comparison if it is listed in z=.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



----- Original Message -----
From: "Tony Hansen" <tony(_at_)att(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, April 28, 2006 4:55 PM
Subject: Re: [ietf-dkim] z= question with X headers


The pseudo code ignores the case where multiple existences of a header
field name may exist in either/both of the h= and z= values.

Tony

Hector Santos wrote:
----- Original Message -----
From: "Eric Allman" <eric+dkim(_at_)sendmail(_dot_)org>
To: <arvel(_dot_)hathcock(_at_)altn(_dot_)com>
Cc: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, April 28, 2006 3:34 PM
Subject: Re: [ietf-dkim] z= question with X headers


Perhaps:

"A vertical-bar-separated list of select header field names and
copies of header field values that identify the header fields
present when the message was signed.  It is not required to include
all header field names and values."
I've added essentially this wording.  Sorry for the confusion; it was
definitely ambiguous.

Thanks.  This was one of the issues I had brought in the issues list.

I think what may be important is what to do when a header is different
from a possible copy in the z= list.

I.e., for a mailing server that may alter the subject line to add the
[mailinglist_name] subject tag.

Example:  This might be the correction.

    // Hash Headers

    hash = empty;
    for each hdr in (dkim_h_list) do

      s  = mail_headers[hdr];
      sz = dkim_z_list[hdr];  // see if copy is available

      if (s != sz) {
         WHAT? INVALID?  Should they be the same?
         What can cause this? Mailing list?
      }

      if (s == "") s = sz;  // correction

      if (s != "")
         hash += hash_string(s)
      else
         WHAT? INVALID?

    end for

Make sense?

---
Hector



_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
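
The diagnostic use of z= discussed in this thread, as an added example that is not code from any poster or from the DKIM specification. It assumes the z= syntax of the published spec (RFC 6376: `name:value` copies separated by `|`, values in DKIM-Quoted-Printable); the function names and the rule for pairing repeated names between h= and z= are assumptions made for illustration.

```python
import re
from collections import defaultdict

def dkim_qp_decode(text):
    # DKIM-Quoted-Printable: whitespace in the encoded form is ignored, =XX is one octet
    text = re.sub(r"\s+", "", text)
    return re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def parse_z(z_tag):
    """Map lowercased field name -> list of copied values, in z= order."""
    copies = defaultdict(list)
    for item in z_tag.split("|"):          # a literal "|" in a value is sent as =7C
        name, sep, value = item.partition(":")
        if sep:
            copies[name.strip().lower()].append(dkim_qp_decode(value))
    return copies

def norm(value):
    return " ".join(value.split())         # ignore folding and spacing differences

def diagnose(h_tag, z_tag, received):
    """Explain a failed hash per h= entry. Diagnostic only: the result is never
    hashed and never changes the verification outcome."""
    pool = defaultdict(list)
    for name, value in received:           # received: (name, value), top to bottom
        pool[name.lower()].append(value)
    copies, seen, report = parse_z(z_tag), defaultdict(int), []
    for name in (n.strip().lower() for n in h_tag.split(":")):
        i = seen[name]
        seen[name] += 1
        # Repeated names in h= select instances from the bottom of the header up.
        got = pool[name][-1 - i] if i < len(pool[name]) else None
        # Assumption: the i-th copy of a name in z= pairs with its i-th use in h=.
        signed = copies[name][i] if i < len(copies[name]) else None
        if signed is None:
            status = "no-copy"             # z= need not list every signed field
        elif got is None:
            status = "missing"
        else:
            status = "match" if norm(got) == norm(signed) else "changed"
        report.append((name, status, signed, got))
    return report

# Constructed sample: a list server tagged the Subject and the To field was dropped.
H = "from:to:subject:date"
Z = "From:alice@example.com|To:bob@example.net|Subject:z=3D=20question"
RECEIVED = [("From", " alice@example.com"),
            ("Subject", " [ietf-dkim] z= question"),
            ("Date", " Fri, 28 Apr 2006 16:55:00 -0400")]

if __name__ == "__main__":
    for row in diagnose(H, Z, RECEIVED):
        print(row)
```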