On Fri, 4 Jan 2008, [EMAIL PROTECTED] wrote: > Is the hash (DKIM header) which is shown in the Mailheader of an > outgoing mail created from the whole message (header _and_ body)? It is > not clear enough for me, because the header is changing on its way to > the receipient. On the other hand, it must be the whole message, because > of the "relaxed" (changes allowed via transfer) and "simple" (changes > not allowed via transfer) flags?
The process is described in detail in section 5 of RFC4871, but I can summarize it for you. Two hashes are generated when signing. One is the hash of the body, which is eventually stored in the signature header as the value of the "bh" tag. Then the headers to be signed are assembled and canonicalized, including the DKIM-Signature: header you want to add but without the value of "p=" (the actual signature). Those headers are then hashed, and that hash is signed using the private key. The signature thus generated is added as the "p=" value to the header just before it is sent. In this way, if you have a number of copies of a message to send and want to change the To: header (for example), you only need to compute the body hash once, and you just recompute the header hash and signature for each message. > The other question, is there another mailinglist just about DKIM > (because my question is just DKIM relevant). I don't know of a list for general DKIM Q&A, and one isn't shown at www.dkim.org either. You can ask your question here if you like. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
