I agree. I highlighted the ambiguity for the issues list.
But I wanted to point out even without multiple signatures, what to do when
a header is missing or changed.
I believe what came out of the little discussions was that in the end, it
(z=) is totally useless information for verifiers. It is purely for signer
diagnostics.
I can see an implementer going the extra mile trying to find out "why" a
hashing failure occurred. It might do a header comparison if it is listed in z=.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
----- Original Message -----
From: "Tony Hansen" <tony(_at_)att(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, April 28, 2006 4:55 PM
Subject: Re: [ietf-dkim] z= question with X headers
The pseudo code ignores the case where multiple existences of a header
field name may exist in either/both of the h= and z= values.
Tony
Hector Santos wrote:
----- Original Message -----
From: "Eric Allman" <eric+dkim(_at_)sendmail(_dot_)org>
To: <arvel(_dot_)hathcock(_at_)altn(_dot_)com>
Cc: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, April 28, 2006 3:34 PM
Subject: Re: [ietf-dkim] z= question with X headers
Perhaps:
"A vertical-bar-separated list of select header field names and
copies of header field values that identify the header fields
present when the message was signed. It is not required to include
all header field names and values."
I've added essentially this wording. Sorry for the confusion; it was
definitely ambiguous.
Thanks. This was one of the issues I had brought in the issues list.
I think what may be important is what to do when a header is different
from a possible copy in the z= list.
I.e., for a mailing server that may alter the subject line to add the
[mailinglist_name] subject tag.
Example: This might be the correction.
// Hash Headers
hash = empty;
for each hdr in (dkim_h_list) do
    s = mail_headers[hdr];
    sz = dkim_z_list[hdr]; // see if copy is available
    if (s != sz) {
        WHAT? INVALID? Should they be the same?
        What can cause this? Mailing list?
    }
    if (s == "") s = sz; // correction
    if (s != "")
        hash += hash_string(s)
    else
        WHAT? INVALID?
end for
Make sense?
---
Hector
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
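
Added example (not from the thread or from any DKIM implementation): the header comparison an implementer might run after a hash failure, kept strictly diagnostic as the thread concludes, and handling repeated header names by comparing per-name multisets. The name:value entry layout with =XX escapes follows the published DKIM specification; the multiset matching rule, the function names and the sample data are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

def _qp_decode(value):
    # DKIM-quoted-printable: whitespace is folding only; =XX is one octet
    # (octets are mapped to Latin-1 characters here for simplicity).
    value = re.sub(r"\s+", "", value)
    return re.sub(r"=([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _norm(value):
    # Collapse whitespace runs so that refolding alone is not reported.
    return " ".join(value.split())

def parse_z(z_value):
    """Return {lowercased name: [decoded copied values]} from a z= value."""
    copies = defaultdict(list)
    for entry in z_value.split("|"):
        name, sep, raw = entry.partition(":")
        if not sep or not name.strip():
            continue  # malformed entry: skip it, z= never fails a message
        copies[name.strip().lower()].append(_norm(_qp_decode(raw)))
    return dict(copies)

def diagnose(z_value, received):
    """received: (name, value) pairs as seen by the verifier.
    Returns {name: 'unchanged' | 'changed' | 'missing'} for names copied in
    z=. Diagnostic only: it must not feed into the pass/fail decision."""
    seen = defaultdict(Counter)
    for name, value in received:
        seen[name.lower()][_norm(value)] += 1
    report = {}
    for name, values in parse_z(z_value).items():
        if name not in seen:
            report[name] = "missing"
        elif Counter(values) - seen[name]:
            report[name] = "changed"  # a copied instance is no longer present
        else:
            report[name] = "unchanged"
    return report

# Constructed sample: a list server added a subject tag and a Received hop.
Z_SAMPLE = ("From:alice@example.org|Subject:z=3D=20question|"
            "Received:hop=20A|Received:hop=20B|X-Tag:a=7Cb")
RECEIVED = [("Received", "hop C"), ("Received", "hop B"), ("Received", "hop A"),
            ("From", "alice@example.org"),
            ("Subject", "[ietf-dkim] z= question")]
```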