With no headers at all being signed, a signature should still be either
valid or invalid and therefore still useful. Don't NEED headers for
base.
Thanks,
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill(_dot_)oxley(_at_)cox(_dot_)com
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Barry Leiba
Sent: Thursday, July 13, 2006 5:05 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Issue: which headers should we REQUIRE to be
signed?
I liked Dave's phrasing, so I'm using his message as the anchor for my
reply:
If we take the view that -base should be limited to mechanism, and
that it
defers "policy" issues to separate specification, as well as
operational
preferences that develop over time, then this makes quite a bit of
sense.
Given the discussion during today's working group meeting, I think we
should
seriously consider taking Mark's suggestion seriously.
I agree.
I personally like the idea that we should leave the decision of which
header fields to sign purely up to the signer. But that's me, not the
chair, talking.
As chair, I see a growing consensus to do it that way. Let's try to
resolve this issue tout de suite, and move on. I'd like to hear from
people who think we should have some headers as "MUST sign". I'd like
to hear from those who agree with Mark and Mike, that we should not have
any with "MUST".
What say you?
Barry
--
Barry Leiba, DKIM working group chair (leiba(_at_)watson(_dot_)ibm(_dot_)com)
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html