ietf-mailsig

Re: Better DKIM Verification Example Needed

2005-07-29 20:01:39


Earl Hood wrote:
> On July 27, 2005 at 15:26, Michael Thomas wrote:
>
>
>>>IMO, it is much cleaner to have the signature in its own header
>>>field so header field canonicalization is uniform across all
>>>fields.
>>>
>>
>>What happens if you have more than one signature? I don't see it as
>>any cleaner and in fact it looks like it adds complexity to me.
>
>
> I'm assuming the complexity is associating the signature data
> with the meta-info data.  If the header fields are the same
> name, their proximity together determines what goes with what.
> I believe Ned stated in the past that re-arranging of same-named
> header fields does not happen, or is extremely rare.

I don't understand what is to be gained, and I see a lot of
extra processing, complexity, and chances for unexpected
behavior... for as far as I can see aesthetics. (aesthetics
that I don't share, fwiw).

Actually, I think you have this exactly backwards. Putting the signature in a
separate field simplifies matters rather than complicating them. There's no
longer any need to create a special version of the field with the signature
value removed, no need to worry about trailing terminators or special handling
- handling which people apparently are already having problems getting right.

Two fields provide clean separation between the stuff that goes under the
signature and the stuff that doesn't (including but not limited to the
signature itself).

The price paid for this is the use of two fields. Using two fields with
different names might be problematic for reasons previously discussed, but
using two fields with the same name is, AFAIK, a safe thing to do.

Mind you, I'm not insisting on this rearrangement. In particular, while I think
it will make implementation easier, I don't think it will significantly improve
our ability to deploy. But regardless, I have to reject the assertion that this
rearrangement would complicate things.

                                Ned
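
Added example, not part of the message above and not taken from any DKIM implementation: the single-field special case the message refers to (a copy of the signature field with the signature value removed and no trailing terminator), written against the rule as later published in RFC 6376 section 3.7 rather than the 2005 draft under discussion. It assumes "simple" header canonicalization; the sample fields, domain and tag values are constructed.

```python
import hashlib
import re

# b= tag at the start of the tag list or right after ';'. Tag names are
# case-sensitive, and requiring '=' directly after 'b' keeps bh= untouched.
_B_TAG = re.compile(r"(^|;)([ \t\r\n]*b[ \t\r\n]*=)[^;]*")


def strip_signature_value(sig_field: str) -> str:
    """Return the signature field as fed to the hash: b= emptied, no final CRLF."""
    name, sep, value = sig_field.partition(":")
    if not sep or name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header field")
    value, count = _B_TAG.subn(r"\1\2", value)
    if count != 1:
        raise ValueError(f"expected exactly one b= tag, found {count}")
    if value.endswith("\r\n"):  # only present when b= is not the last tag
        value = value[:-2]
    return name + ":" + value


def header_hash_input(signed_fields, sig_field: str) -> bytes:
    """Signed fields verbatim, then the stripped signature field."""
    return ("".join(signed_fields) + strip_signature_value(sig_field)).encode("ascii")


# Constructed sample data (not from a real message).
FIELDS = ["From: alice@example.org\r\n", "Subject: test\r\n"]
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;\r\n"
       " h=from:subject; bh=Y29uc3RydWN0ZWQ=;\r\n"
       " b=QUJDREVG\r\n"
       " R0hJSktM\r\n")
# Same signature, but the b= value was folded differently in transit.
SIG_REFOLDED = SIG.replace("QUJDREVG\r\n R0hJSktM", "QUJDREVGR0hJSktM")

if __name__ == "__main__":
    data = header_hash_input(FIELDS, SIG)
    print(data.decode("ascii"))
    print(hashlib.sha256(data).hexdigest())
```

With the signature in a field of its own, as the message proposes, the first function would not be needed: the field carrying the signed meta-information would be hashed like any other field.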
