At 3:43 PM -0800 12/26/06, EKR wrote:
I don't know what's being proposed here, but as a technical matter
it's not really the case that you can't individually insulate each
header from breakage without doing a separate signature for each
one. Rather, you could simply include digests for the header value in
the header specification, i.e.,
DKIM-Signature: a=rsa-sha256; d=example.net; s=brisbane;
c=simple; q=dns/txt; i=(_at_)eng(_dot_)example(_dot_)net;
t=1117574938; x=1118006938;
h=from=<digest-value>:to=<digest-value>:subject-<digest-value>:date=<digest-value>;
...
This is actually less information than the z= tag, which says what
the value was when signed.
--Paul Hoffman, Director
--Domain Assurance Council
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html