----- Original Message -----
From: "Earl Hood" <[EMAIL PROTECTED]>
To: <[email protected]>
> On October 19, 2005 at 15:13, "Hector Santos" wrote:
>
> > 1) The signer can use the z= tags to save the header signing data.
>
> Unfortunately, the verification algorithm, as it is currently designed,
> does nothing with z=. I think z= needs to be reconsidered, as
> I have noted awhile back (probably on ietf-mailsig).
An implementator can add a quick loop to check the z= headers against the
actual headers, as we did, as part of a diagnostic reporter to find out
where there would be early integrity. In other words, if Z= is present,
then it must match existing headers. If not.....
"msg #123343434: Warning, DKIM integrity failure: Subject line"
>> Anyway, I think the positives outweigh the negatives.
>
> It seems that a mailing list that mucks with a message is a good
> test case for how DKIM survives, or addresses, such behavior.
> This is where the challenge is, not with lists that just re-direct
> messages without alteration (except maybe the addition of trace
> fields and List-* fields).
As I said, if this was intentional to help promote DKIM problem solving,
then all fine by me. I suspected these list admin had good reasons. <g>
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org
