On Thu, 21 Oct 2010 16:17:18 +0100, Alessandro Vesely <vesely(_at_)tana(_dot_)it> wrote:

> DKIM-Signature: d=Big-IPS.com; h=from; (supposedly)...
> From Accounts(_at_)Big-Bank(_dot_)com
> From Someone(_at_)Big-IPS(_dot_)com
> Subject: Audit notification
> <body of text saying anything>
>
> In my hypothesis, a verifier would discard the 2nd "From
> Accounts(_at_)Big-Bank(_dot_)com", at least for hashing purposes. If they
> were both signed, PERMFAIL would result from a mismatch in the header-hash.
> If Big-Bank had been added after signing, verifiers are already
> authorized to delete that field from the message, according to the
> current PS. Isn't that enough?

I am not clear what you are suggesting here. Please clarify. Do you
actually want to pass on to the recipient a message that was different
(i.e. lacked a header) from what came in? If so -1.

Or if you are saying that the verifier should hash the first From:
(contrary to 4871 which requires it to hash the second), thus triggering a
PERMFAIL, then you are indeed getting the right answer, but by some very
weird means.

> Further thwarts can be specified in some ADSPbis, eventually. In
> particular:
>
> DKIM-Signature: d=Big-IPS.com; h=from; ...
> From: Someone(_at_)Big-IPS(_dot_)com, Accounts(_at_)Big-Bank(_dot_)com
> Subject: Audit notification
> ... (missing Sender)

Isn't that already required to have signatures from each, according to
4871?
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
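
Added example, not part of the original message: a Python check that applies RFC 4871's bottom-up selection of header fields named in h= to a constructed copy of the two-From message discussed above, and reports which From fields the signature covers. The .example domains, the placeholder b= value and all function names are assumptions made for illustration.

```python
# Constructed sample modelled on the two-From message quoted in the thread.
SAMPLE = (
    "DKIM-Signature: v=1; d=big-ips.example; h=from; b=PLACEHOLDER\r\n"
    "From: Accounts@big-bank.example\r\n"
    "From: Someone@big-ips.example\r\n"
    "Subject: Audit notification\r\n"
    "\r\n"
    "body of text saying anything\r\n"
)

def parse_headers(raw):
    """Return [(name, value)] top to bottom, with folded lines unfolded."""
    fields = []
    for line in raw.splitlines():
        if not line:
            break  # blank line ends the header block
        if line[0] in " \t" and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields

def h_tag(sig_value):
    """Extract the h= entries (lowercased) from a DKIM-Signature value."""
    for tag in sig_value.split(";"):
        key, sep, val = tag.partition("=")
        if sep and key.strip() == "h":
            return [n.strip().lower() for n in val.split(":")]
    return []

def covered_indices(fields, names):
    """Each h= entry consumes the bottom-most unused instance of that name."""
    unused = {}
    for i, (name, _) in enumerate(fields):
        unused.setdefault(name.lower(), []).append(i)
    covered = set()
    for name in names:
        if unused.get(name):
            covered.add(unused[name].pop())  # pop() takes the lowest remaining one
    return covered

def audit_from(raw):
    """Split the From fields into those the signature covers and those it does not."""
    fields = parse_headers(raw)
    sig = next(v for n, v in fields if n.lower() == "dkim-signature")
    covered = covered_indices(fields, h_tag(sig))
    result = {"signed": [], "unsigned": []}
    for i, (name, value) in enumerate(fields):
        if name.lower() == "from":
            result["signed" if i in covered else "unsigned"].append(value)
    return result
```

A non-empty "unsigned" list means the message carries a From field that the signature's header hash never included.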