On 14/Oct/10 20:09, Mark Delany wrote: > On Thu, Oct 14, 2010 at 08:01:17PM +0200, Alessandro Vesely allegedly wrote: >> On 13/Oct/10 20:45, Scott Kitterman wrote: >> > On Wednesday, October 13, 2010 12:54:23 pm Murray S. Kucherawy wrote: >> >> If we can extract DKIM from the equation entirely and the problem >> remains, >> >> how is it a DKIM problem? >> > >> > If the DKIM signature doesn't verify after signed headers have been >> altered, >> > then it's not. >> >> Correct. And the way that it fails to verify is h=from:from. > > Which strikes me as an ugly hack. Given that most headers should only > occur once and given that a lot of signers sign most headers doesn't this > suggestion degenerate to > h=from:from:subject:subject:to:to:cc:cc:mime-version:mime-version:list-id:list-id?
Yes, it does. The only question is to devise normative statements correctly, e.g. MUST duplicate "From", SHOULD duplicate the rest. This is _not_ a kludge. It is how DKIM signing works (Section 5.4). Are we worried about wasting 100~200 bytes per signature? (I get ~4Kb headers nowadays, so that is about 3% of it.) Introducing an abbreviation --e.g. an h2 tag-- is considerably clearer from an algorithm developer's POV. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html