At 16:46 06-11-2008, Mark Martinec wrote: >...nor does "relaxed" help when sendmail inserts a FWS where there was none >originally, like after a comma separating addresses in a To: header field >(or after a colon, as was already mentioned here). Seems like the To field >is subject to more threats than most other header fields - and since it is >pretty much an informative-only header field (addresses are propagated >out-of-band in the envelope from MSA to the final delivery, the To: has >no effect on mail delivery nor on DSN), I don't think it is a great loss >to just leave it out of the signature.
Section 5.5 of the DKIM specification has a list of headers that should be included in the signature. The To: header is part of that. It's not a good idea not to sign the To: header as it's part of the "visible" headers that are displayed in the MUA. Regards, -sm ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
