On August 17, 2005 at 07:52, Michael Thomas wrote:

> > Which header do I use for verification if multiple DKIM-Signature
> > fields are present? Do I assume that it is the next one below
> > me, hoping no re-ordering has been done?
>
> Why should order matter? Even if, say, the domain that
> asserts the corresponding From address were out of order...
> so what? What I do is look for the first signature that
> asserts the From address successfully, and I'm done.

How do you look for the first signature that matters? If the first (however you decide to examine the message headers -- top-to-bottom, bottom-to-top, random?) DKIM-Signature lists another DKIM-Signature in the list of fields included in the signature, which DKIM-Signature field should be included during the crypto verification process?

Note, in your usage model, the first DKIM-Signature checked may not be the "first" that successfully asserts the From.

If all you are looking for is the "first" signature that asserts the From, then what value do the other signatures provide?

Also, there appears to be value in having signatures bound to something else besides From (like trace signatures). Is such usage outside of the scope of DKIM?

--ewh

_______________________________________________
ietf-dkim mailing list
http://dkim.org
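
The instance-selection question raised above, as an added example that is not part of the original message or of the draft under discussion. It applies the rule the later published specification (RFC 6376) adopted: each name in `h=` is matched from the bottom of the header block upward, and the signature being verified is never one of the candidates. The sample message, domains and function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample message (tag values shortened, signatures are not real).
RAW = """\
DKIM-Signature: v=1; d=list.example; s=l1; h=from:subject:dkim-signature; b=BBBB
Received: from mx.author.example by mx.list.example
DKIM-Signature: v=1; d=author.example; s=a1; h=from:subject; b=AAAA
From: alice@author.example
Subject: hello

body
"""

def load_headers(raw):
    """Header fields as (name, value) pairs in message order, top to bottom."""
    return message_from_string(raw).items()

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def select_signed_fields(headers, sig_index):
    """Resolve each h= entry of the signature at sig_index to a header index.

    Instances are taken from the bottom of the header block upward, each
    used at most once, and the signature being verified is never a candidate
    (it is hashed separately, with its b= value emptied). A name with no
    remaining instance resolves to None.
    """
    tags = parse_tags(headers[sig_index][1])
    used = {sig_index}
    chosen = []
    for name in tags["h"].lower().split(":"):
        idx = next((i for i in reversed(range(len(headers)))
                    if i not in used and headers[i][0].lower() == name), None)
        if idx is not None:
            used.add(idx)
        chosen.append((name, idx))
    return chosen

if __name__ == "__main__":
    hdrs = load_headers(RAW)
    for i, (name, _) in enumerate(hdrs):
        if name.lower() == "dkim-signature":
            print(i, select_signed_fields(hdrs, i))
```

With this rule the result does not depend on which signature the verifier happens to examine first: the list's signature at the top always covers the author's signature below it, and the author's signature covers no other signature.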
