,---
|3.5 The DKIM-Signature header field
|...
| The "DKIM-Signature:" header field is always included in
| the signature calculation, after the body of the message;
| however, when calculating or verifying the signature, the
| value of the b= tag (signature value) MUST be treated as
| though it were the null string. Unknown tags MUST be signed
| and verified but MUST be otherwise ignored by verifiers.
'___
Change to:
: The "DKIM-Signature:" header field is always included in
: the signature calculation, after the body of the message;
: however, the value of the b= tag (signature value) for only
: the specific DKIM-Signature header field being created or
: verified MUST be treated as though it were the null string.
: Unknown tags MUST be signed and verified but MUST be otherwise
: ignored by verifiers.
,---
| 3.7 Computing the Message Hashes
|...
| 2. The "DKIM-Signature" header field that exists (verifying) or will
| be inserted (signing) in the message, with the value of the "b="
| tag deleted (i.e., treated as the empty string), canonicalized
| using the header canonicalization algorithm specified in the "c="
| tag, and without a trailing CRLF.
|
| All tags and their values in the DKIM-Signature header field are
| included in the cryptographic hash with the sole exception of the
| value portion of the "b=" (signature) tag, which MUST be treated as
| the null string. All tags MUST be included even if they might not be
| understood by the verifier. The header field MUST be presented to
| the hash algorithm after the body of the message rather than with the
| rest of the header fields and MUST be canonicalized as specified in
| the "c=" (canonicalization) tag. The DKIM-Signature header field
| MUST NOT be included in its own h= tag.
'---
Change to:
: 2. For only the "DKIM-Signature" header field that is being verified
: or created, is the value of the "b=" tag deleted (i.e., treated
: as the empty string), canonicalized using the header
: canonicalization algorithm specified in the "c=" tag, and without a
: trailing CRLF.
:
: When verifying or creating a specific DKIM-Signature header field, all
: the tags and their values are included in the cryptographic hash with
: the sole exception of the value portion of the "b=" (signature) tag
: within this header field, which MUST be treated as the null string.
: All tags MUST be included even if they might not be understood by the
: verifier. The header field MUST be presented to the hash algorithm
: after the body of the message rather than with the rest of the header
: fields and MUST be canonicalized as specified in the "c="
: (canonicalization) tag. The DKIM-Signature header field MUST NOT be
: included in its own h= tag.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html