Mark Martinec wrote:
> "relaxed" might work in that particular example, although sendmail
> is still notorious for mangling header fields such as a To:, which is
> why I generally recommend not signing the To:.

For a normal authentication mechanism, the idea of leaving something as important as a recipient address field "unprotected" would seem heresy.

But, then, DKIM isn't for normal authentication. All it is really trying to protect is the association between the signing domain name and the message. The only parts of the message that need to be hashed are the ones that are essential for that purpose. The choice of what is essential might vary, but for most situations, it will probably be a much smaller portion of the message than one would expect.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
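
Added example, not part of the original posts or of dkim-milter: a sketch of how the `h=` field list and RFC 6376 "relaxed" header canonicalization decide whether an MTA's changes to To: affect the signed header hash. The sample headers and the helper names (`relaxed_header`, `signed_header_hash`, `survives`) are constructed for illustration, and the DKIM-Signature field and the RSA step are left out as a simplification.

```python
import hashlib
import re

def relaxed_header(name, value):
    """RFC 6376 section 3.4.2 relaxed header canonicalization."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse WSP, trim both ends
    return f"{name.strip().lower()}:{value}\r\n"       # lowercase name, no WSP at colon

def signed_header_hash(headers, h_list):
    """SHA-256 over the canonicalized fields named in h=, in h= order.

    Simplification: the DKIM-Signature field itself and the RSA step are omitted.
    headers is a list of (name, value) in message order; per RFC 6376 section
    5.4.2 each h= entry consumes the last not-yet-used instance of that field.
    """
    remaining = list(headers)
    digest = hashlib.sha256()
    for wanted in h_list:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].strip().lower() == wanted.lower():
                name, value = remaining.pop(i)
                digest.update(relaxed_header(name, value).encode())
                break
    return digest.hexdigest()

# Constructed sample headers as the signer saw them.
ORIGINAL = [
    ("From", " Alice <alice@example.org>"),
    ("To", " bob@example.net,\r\n\tcarol@example.net"),
    ("Subject", " Quarterly   report"),
]
# Constructed: a relay that only refolds To: and changes the case of its name.
REFOLDED = [ORIGINAL[0], ("TO", " bob@example.net, carol@example.net"), ORIGINAL[2]]
# Constructed: a relay that rewrites the To: content (adds angle brackets).
REWRITTEN = [ORIGINAL[0], ("To", " <bob@example.net>, <carol@example.net>"), ORIGINAL[2]]

def survives(modified, h_list):
    """True if the header hash the verifier computes matches the signer's."""
    return signed_header_hash(ORIGINAL, h_list) == signed_header_hash(modified, h_list)

if __name__ == "__main__":
    print("refolded,  To: signed  :", survives(REFOLDED, ["from", "to", "subject"]))
    print("rewritten, To: signed  :", survives(REWRITTEN, ["from", "to", "subject"]))
    print("rewritten, To: unsigned:", survives(REWRITTEN, ["from", "subject"]))
```

With To: left out of `h=`, a matching hash says nothing about the recipient field, so a verifier's pass result should not be read as covering it.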
