At 07:51 PM 11/4/2004 -0800, william(at)elan.net wrote:
So lets say we want to make sure the signature survives if Subject and From
are changed, then we copy the headers into "Duplicated-Subject:" and
"Duplicated-From:" in these are not "normal" headers but are considered
trace headers, like Received - so they are not to be modified by subsequent
systems. Now its a lot easier for email signature standard because all its
need to do is to create hash of all trace headers rather then creating
specific list of headers to be signed.
By making new headers out of the duplicates, doesn't that introduce a
requirement that the ordering of these headers be maintained? Otherwise the
order of headers into the hash will be ambiguous.
Also, aren't there conversions that can happen (i.e., conversion per RFC 2047
for non-ASCII text) that can occur even for non-standard headers? I suppose
this particular one can be gotten around by requiring RFC 2047 conversion prior
to signing, which is likely what we'll need to do with IIM as well.
-Jim