It appears that Hannah Stern <[email protected]> said:
>> 1) Find in the message which of the recommended header fields are
>> present. Read the header fields in the order found in the recommended
>> header field list,
>
>I'd suggest sorting headers by case-insensitive lexical sort of header
>field keys, and within the same key, by original order in the header.

But that still screws up if a helpful relay switches the order of two fields with the same key. Just do a case-insensitive sort of all of the header fields that go into the hash.

>I'd suggest removing the reversal (bottom to top).

Agreed. Or if that's really what people want, reverse the sort order.

>absence of excess copies) for a field key that is signed, this reversal
>is obsolete.
>
>> 2) Take the list of extra header field names given in the colon
>> separated "h=" header field name list, and read the header field in the
>> order found. ...
>
>See above. In terms of order, I'd suggest sorting them
>lexicographically, together with the fixed mandatory set of header field
>keys.

Yup.

>Hashing would thus be "determine list of header field keys to be signed,
>based on the fixed set plus the additional set from h=; for each of this
>list, get all fields with the stated key, canonicalize 'relaxed', add to
>hash".

I think we agree here, give or take my nit about sorting the full header fields.

R's,
John
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
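The two ordering options from this thread side by side, as an added example that is not part of the original message or of any DKIM specification text. `FIXED_KEYS` is a hypothetical stand-in for the fixed mandatory set, the sample headers are constructed, SHA-256 is an assumed hash, and 'relaxed' follows RFC 6376 section 3.4.2.

```python
import hashlib
import re

# Assumption: hypothetical stand-in for the "fixed mandatory set" of keys.
FIXED_KEYS = {"from", "to", "subject", "date"}

def key_of(field):
    return field.partition(":")[0].strip().lower()

def relaxed(field):
    """'relaxed' header canonicalization (RFC 6376 section 3.4.2)."""
    _, _, value = field.partition(":")
    value = re.sub(r"\r?\n(?=[ \t])", "", value)             # unfold
    value = re.sub(r"[ \t]+", " ", value).strip(" \t\r\n")   # collapse, trim
    return (key_of(field) + ":" + value + "\r\n").encode()

def select(fields, h_tag):
    """Fields whose key is in the fixed set or the colon-separated h= list."""
    keys = FIXED_KEYS | {k.strip().lower() for k in h_tag.split(":") if k.strip()}
    return [f for f in fields if key_of(f) in keys]

def digest_key_sort(fields, h_tag):
    """Sort by key only; same-key fields keep message order (stable sort)."""
    chosen = sorted(select(fields, h_tag), key=key_of)
    return hashlib.sha256(b"".join(relaxed(f) for f in chosen)).hexdigest()

def digest_full_sort(fields, h_tag):
    """Case-insensitive sort of the whole canonicalized fields; the raw bytes
    break ties, so the result never depends on the order in the message."""
    canon = sorted((relaxed(f) for f in select(fields, h_tag)),
                   key=lambda c: (c.lower(), c))
    return hashlib.sha256(b"".join(canon)).hexdigest()

# Constructed sample headers (not taken from the thread).
ORIGINAL = [
    "From: Alice <alice@example.org>",
    "To: bob@example.net",
    "Subject:  Quarterly   report",
    "Comments: first",
    "Comments: second",
    "X-Trace: not-signed",
]
# Same message after a relay swapped the two Comments fields, changed the
# case of a field name, and rewrote whitespace and an unsigned field.
RELAYED = [
    "FROM: Alice <alice@example.org>",
    "To: bob@example.net",
    "Subject: Quarterly report",
    "Comments: second",
    "Comments: first",
    "X-Trace: changed-by-relay",
]
```

With `h_tag="comments"`, `digest_key_sort` differs between `ORIGINAL` and `RELAYED`, while `digest_full_sort` is identical for both.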
