ietf-mailsig
[Top] [All Lists]

Re: DKIM - Header Fields

2005-07-18 16:11:28

Its pretty useful to be able to sign Authentication-Results ...

That can't be done. This header is subject to stripping and if it gets signed and later stripped it ruins the signature. So, this one must not be signed. It would also be useful to sign the Return-Path header I guess but this also can't be signed because it is subject to stripping as well. Basically, any header in which it's own specification mandates or even suggests with a "MAY" that a change or removal might occur - these must not be included in a signature IMO. MDaemon doesn't sign any X-* header, Return-Path, or Authentication-Results for this reason.

--
Arvel




<Prev in Thread] Current Thread [Next in Thread>