"Which header fields are essential to protect?
How much of the message body is essential to protect?"
Your questions are noted. Other than the MUST to sign the From: header,
the DKIM spec offers the technical latitide to create a totally worthless
signature. I don't know anyone who disagrees with that.
Since I think we're only proposing some more SHOULD advice on how to
create robust signatures, I don't really see how they're relevant to the
question of double signing.
I don't mean we should rip out all the advice, merely that we need to
distinguish between soft advice and serious, technical specification.
Sorry, we also need specificity. Since we are in the process of preparing
4871bis, precisely which soft advice in 4871 should we remove?
Section 1, on page 4, includes an attempt to distinguish DKIM from S/MIME.
That doesn't affect signing or verification, so should we remove it?
Section 1.1 has an INFORMATIVE RATIONALE saying what the signing identity
doesn't mean. That doesn't affect signing or verification, so should
we remove it?
Section 1.2 is non-operational history about intended scaling. That
doesn't affect signing or verification, so should we remove it?
In section 2.6, in item 2 on page 8, the last two sentences describe a
putative motivation for the first sentence. That doesn't affect signing
or verification, so should we remove it?
I'll let you go through the rest of the spec.
R's,
John
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html