On 10/15/10 8:40 AM, Mark Delany wrote: >>> h=from:from:subject:subject:to:to:cc:cc:mime-version:mime-version:list-id:list-id? >> Yes, it does. The only question is to devise normative statements >> correctly, e.g. MUST duplicate "From", SHOULD duplicate the rest. >> >> This is _not_ a kludge. It is how DKIM signing works (Section 5.4). >> >> Are we worried about wasting 100~200 bytes per signature? (I get ~4Kb >> headers nowadays, so that is about 3% of it.) Introducing an >> abbreviation --e.g. an h2 tag-- is considerably clearer from an >> algorithm developer's POV. > Well, if you want to introduce semantic changes why not just change > the meaning of h=from:to: to be semantically identical to > h=from:from:to:to: > > Old verifiers still work as well as they do today, new verifiers work > better and virtually all existing signers still work (excepting those > that sign a subset of legitimately repeating headers - which must be > rare). > > In either cases, the implementation changes are about the same, but > the spec is simpler. Agreed. But use of the h=from:from prevents one mode of exploitation, because this requirement until now had not been made explicit.
-Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html