On Fri, 7 Nov 2008, SM wrote:
> Section 5.5 of the DKIM specification has a list of headers that should
> be included in the signature. The To: header is part of that.
>
> It's not a good idea not to sign the To: header as it's part of the
> "visible" headers that are displayed in the MUA.

Moreover, the sendmail MTA will rewrite about a dozen header fields if they're present with the same formatting code. If you insist on omitting "To", by the same logic may as well omit the rest of them. Unfortunately, From: is one of them, and that one MUST be signed. (Fortunately, though, it almost always contains only a single address so it doesn't really get rewritten.)

There's also at least one verifier out there that insists "To" (and "Subject" and any other header field most MUAs render) be signed or it considers the signature invalid.

To mitigate some of these false verification failures, I'm considering making "relaxed/simple" the default canonicalization for the filter rather than "simple/simple". Opinions?
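Added example, not part of the original message and not dkim-milter code: a sketch of the two DKIM header canonicalizations (RFC 4871 sections 3.4.1 and 3.4.2) applied to a signed To: field, showing which kind of in-transit rewrite each one tolerates. The addresses and the two "rewritten" forms are constructed sample input, not captured sendmail output.

```python
import re

def canon_simple(name: str, value: str) -> bytes:
    """'simple' header canonicalization: the field is hashed exactly as received."""
    return (name + ":" + value + "\r\n").encode("ascii")

def canon_relaxed(name: str, value: str) -> bytes:
    """'relaxed' header canonicalization: case and whitespace layout are normalized."""
    name = name.lower().rstrip(" \t")              # lowercase name, no WSP before colon
    value = re.sub(r"\r\n(?=[ \t])", "", value)    # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value)          # collapse each WSP run to one space
    value = value.strip(" \t")                     # no WSP after colon or at end of line
    return (name + ":" + value + "\r\n").encode("ascii")

def survives(canon, name: str, signed_value: str, received_value: str) -> bool:
    """True if the field still feeds identical bytes into the signature hash."""
    return canon(name, signed_value) == canon(name, received_value)

# Constructed sample: the To: value as the signer saw it.
SIGNED = " alice@example.com, bob@example.com,\r\n\tcarol@example.com"
# Constructed rewrite 1: same addresses, only folding and whitespace changed.
REFOLDED = (" alice@example.com,\r\n        bob@example.com,"
            "\r\n        carol@example.com")
# Constructed rewrite 2: address syntax changed (angle brackets added).
REQUOTED = " <alice@example.com>, <bob@example.com>,\r\n\t<carol@example.com>"

if __name__ == "__main__":
    for label, received in (("refolded", REFOLDED), ("requoted", REQUOTED)):
        for mode, canon in (("simple", canon_simple), ("relaxed", canon_relaxed)):
            ok = survives(canon, "To", SIGNED, received)
            print(f"{label:9} {mode:8} {'verifies' if ok else 'FAILS'}")
```

Relaxed canonicalization absorbs re-folding and whitespace changes only; a rewrite that alters the characters of the field value still breaks the signature under either mode.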
