On 14/Oct/10 20:09, Mark Delany wrote:
On Thu, Oct 14, 2010 at 08:01:17PM +0200, Alessandro Vesely allegedly wrote:
On 13/Oct/10 20:45, Scott Kitterman wrote:
> On Wednesday, October 13, 2010 12:54:23 pm Murray S. Kucherawy wrote:
>> If we can extract DKIM from the equation entirely and the problem
remains,
>> how is it a DKIM problem?
>
> If the DKIM signature doesn't verify after signed headers have been
altered,
> then it's not.
Correct. And the way that it fails to verify is h=from:from.
Which strikes me as an ugly hack. Given that most headers should only
occur once and given that a lot of signers sign most headers doesn't this
suggestion degenerate to
h=from:from:subject:subject:to:to:cc:cc:mime-version:mime-version:list-id:list-id?
Yes, it does. The only question is to devise normative statements
correctly, e.g. MUST duplicate "From", SHOULD duplicate the rest.
This is _not_ a kludge. It is how DKIM signing works (Section 5.4).
Are we worried about wasting 100~200 bytes per signature? (I get ~4Kb
headers nowadays, so that is about 3% of it.) Introducing an
abbreviation --e.g. an h2 tag-- is considerably clearer from an
algorithm developer's POV.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html