Barry Warsaw wrote:
On Oct 30, 2011, at 08:04 PM, Patrick Ben Koetter wrote:
X-Message-ID-Hash
        propose an RFC as an extension of RFC 5064
        Modify to: unclear
        Next Step: Discuss

As an RFC, obviously we'd drop the X- prefix, but also "Hash" might be too
vague.  Personally I think Message-ID-Hash is fine and the theoretical RFC
shouldn't allow much leeway in implementations (i.e. only one hash algorithm
is allowed).  This will probably be bikeshedded to death.  Still, since
Message-ID must be unique (and generally is, as backed up by The Mail
Archive's data), I think base-32 of SHA-1 will in practice be just fine.

I love painting bikesheds... or rather offering paint color/colour suggestions to painters doing the work ;-)

If a header is going to contain data that is generated from non-trivial processing I think it would be good form to include the algorithm name in the header.

The DKIM-Signature (RFC 4871, and was included in the email I'm replying to) itself includes the name, example extract:

   DKIM-Signature: a=rsa-sha256; .........

DKIM is using a secure hash which is arguable more processing than a simple digest hash but the same principle of self documenting seems reasonable.

Admittedly there will be a need in the future for new secure algorithms to be deployed for DKIM, it is less certain if there is a need to ever change the algorithm used for X-Message-ID-Hash. Is there a clear advantage limiting the algorithm used?

Chris

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Reply via email to