I agree. I highlighted the ambiguity for the issues list. But I wanted to point out even without multiple signatures, what to do when a header is missing or changed.
I believe what came out of the little discussions was that in the end, it (z=) is totally useless information for verifiers. It is purely for signer diagnostics. I can see an implementer going the extra mile trying to find out "why" a hashing failure. It might do a header comparison if it is listed in z=.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

----- Original Message -----
From: "Tony Hansen" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, April 28, 2006 4:55 PM
Subject: Re: [ietf-dkim] z= question with X headers

> The pseudo code ignores the case where multiple existences of a header
> field name may exist in either/both of the h= and z= values.
>
> Tony
>
> Hector Santos wrote:
> > ----- Original Message -----
> > From: "Eric Allman" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: <[email protected]>
> > Sent: Friday, April 28, 2006 3:34 PM
> > Subject: Re: [ietf-dkim] z= question with X headers
> >
> >
> >>> Perhaps:
> >>>
> >>> "A vertical-bar-separated list of select header field names and
> >>> copies of header field values that identify the header fields
> >>> present when the message was signed. It is not required to include
> >>> all header field names and values."
> >> I've added essentially this wording. Sorry for the confusion; it was
> >> definitely ambiguous.
> >
> > Thanks. This was one of the issues I had brought in the issues list.
> >
> > I think what may be important is what to do when a header is different
> > from a possible copy in the z= list.
> >
> > I.e., for a mailing server that may alter the subject line to add the
> > [mailinglist_name] subject tag.
> >
> > Example: This might be the correction.
> >
> >   // Hash Headers
> >
> >   hash = empty;
> >   for each hdr in (dkim_h_list) do
> >
> >      s  = mail_headers[hdr];
> >      sz = dkim_z_list[hdr];  // see if copy is available
> >
> >      if (s != sz) {
> >         WHAT? INVALID?  Should they be the same?
> >         What can cause this? Mailing list?
> >      }
> >
> >      if (s == "") s = sz;  // correction
> >
> >      if (s != "")
> >         hash += hash_string(s)
> >      else
> >         WHAT? INVALID?
> >
> >   end for
> >
> > Make sense?
> >
> > ---
> > Hector
> >
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
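
Added example (not part of the original message, and not code from any DKIM implementation): the header comparison described in the reply above, written in Python as a report-only diagnostic that never substitutes a z= copy into the hash. It assumes z= carries name:value copies with dkim-quoted-printable values, as in the published DKIM specification (RFC 6376); the function names and the sample message are constructed for illustration. Repeated header fields, the case Tony raises, are matched as a set with no assumption about instance order.

```python
import re

def dkim_qp_decode(text):
    """Decode dkim-quoted-printable: drop folding whitespace, expand =XX."""
    text = re.sub(r"\s+", "", text)
    return re.sub(r"=([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

def norm(value):
    """Collapse whitespace so refolding alone is not reported as a change."""
    return " ".join(value.split())

def parse_z(z_value):
    """Return [(lowercased name, decoded value)] for each copy in z=."""
    copies = []
    for item in z_value.split("|"):  # a literal "|" in a value is sent as =7C
        name, sep, raw = item.partition(":")
        if sep:  # skip malformed entries that have no colon
            copies.append((name.strip().lower(), dkim_qp_decode(raw)))
    return copies

def diagnose(h_value, z_value, headers):
    """Report how each z= copy compares with the received headers.
    headers is [(name, value)] as received. Each row is
    (name, listed_in_h, status, signed_copy). Nothing is fed back into the hash.
    """
    signed = {n.strip().lower() for n in h_value.split(":")}
    received = {}
    for name, value in headers:  # keep every instance of a repeated field
        received.setdefault(name.lower(), set()).add(norm(value))
    report = []
    for name, copy in parse_z(z_value):
        if name not in received:
            status = "missing"
        elif norm(copy) in received[name]:
            status = "unchanged"
        else:
            status = "changed"
        report.append((name, name in signed, status, norm(copy)))
    return report

# Constructed sample: a list server tagged Subject and dropped X-Trace.
H = "from:to:subject:received:received"
Z = ("From:alice@example.org|Subject:z=3D=20question|"
     "Received:from=20a.example|Received:from=20b.example|X-Trace:abc=7Cdef")
MSG = [("Received", " from b.example"), ("Received", " from a.example"),
       ("From", " alice@example.org"), ("To", " list@example.net"),
       ("Subject", " [dkim] z= question")]

if __name__ == "__main__":
    print(*diagnose(H, Z, MSG), sep="\n")
```

In the sample, only the "changed" Subject row is listed in h=, so it is the one that accounts for a header hash failure; the missing X-Trace copy was never signed.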
