Paul Hoffman <[EMAIL PROTECTED]> writes:
> At 3:43 PM -0800 12/26/06, EKR wrote:
>>I don't know what's being proposed here, but as a technical matter
>>it's not really the case that you can't individually insulate each
>>header from breakage without doing a separate signature for each
>>one. Rather, you could simply include digests for the header value in
>>the header specification, i.e.,
>>
>> DKIM-Signature: a=rsa-sha256; d=example.net; s=brisbane;
>> c=simple; q=dns/txt; [EMAIL PROTECTED];
>> t=1117574938; x=1118006938;
>> h=from=<digest-value>:to=<digest-value>:subject=<digest-value>:date=<digest-value>;
>> ...
>
> This is actually less information than the z= tag, which says what the
> value was when signed.

Yes, that's true, so even without this optimization it's not true
that you need to do a separate signature for each header.
That said, this representation is more compact, so it's a tradeoff.
It also doesn't come with this restriction:

    Verifiers MUST NOT use the header field names or copied values
    for checking the signature in any way. Copied header field
    values are for diagnostic use only.

But of course that restriction could be relaxed.

-Ekr
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
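
The per-header digest layout sketched in the quoted message, as an added example that is not part of the original thread or of the DKIM specification. The `name=digest` form of `h=` is the thread's proposal, the function names and sample message are constructed for illustration, and the RSA signature that would cover the DKIM-Signature field (and so bind these digests) is left out.

```python
import base64
import hashlib

def header_digest(name, value):
    """SHA-256 over one header field as it appears on the wire (c=simple: no rewriting)."""
    raw = f"{name}:{value}\r\n".encode("utf-8")
    return base64.b64encode(hashlib.sha256(raw).digest()).decode("ascii")

def find_header(headers, name):
    """Return the last (name, value) pair matching name case-insensitively, or None."""
    for field_name, value in reversed(headers):
        if field_name.lower() == name.lower():
            return field_name, value
    return None

def build_h_tag(headers, signed_names):
    """Signer side: h= value listing name=digest for each signed header."""
    parts = []
    for name in signed_names:
        field = find_header(headers, name)
        if field is None:
            raise ValueError(f"cannot sign missing header: {name}")
        parts.append(f"{name.lower()}={header_digest(*field)}")
    return ":".join(parts)

def broken_headers(h_tag, received_headers):
    """Verifier side: names whose received field no longer matches its signed digest."""
    broken = []
    for item in h_tag.split(":"):
        # Split on the first '=' only; base64 padding '=' stays in the digest.
        name, _, signed_digest = item.partition("=")
        field = find_header(received_headers, name)
        if field is None or header_digest(*field) != signed_digest:
            broken.append(name)
    return broken

# Constructed sample message; a hypothetical list server then tags the Subject.
SENT = [("From", " alice@example.net"), ("To", " bob@example.com"),
        ("Subject", " Lunch"), ("Date", " Tue, 26 Dec 2006 15:43:00 -0800")]
RECEIVED = [(n, " [list] Lunch" if n == "Subject" else v) for n, v in SENT]

H_TAG = build_h_tag(SENT, ["from", "to", "subject", "date"])

if __name__ == "__main__":
    print("h=" + H_TAG)
    print("broken:", broken_headers(H_TAG, RECEIVED))
```

A verifier whose single signature check fails can use the digest list to report which field changed in transit, here only `subject`, without a separate signature per header.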