[dkim-dev] Choosing sets of headers to sign
Dave Crocker
dhc at dcrocker.net
Sun Jan 14 12:35:53 PST 2007
Murray, et al,
Useful responses. Thanks. They prompt some more questions.
>> And the other line of question is about having different folks signing
>> different sets of fields. Is that variation important? How? And how
>> can/should they be distinguished by the validator/filter?
>
> I would think the verifier could be given a list of headers which, if
> present, MUST be signed. If for example the verifier wants all From
> headers to be signed and it gets a message whose signature verifies but
> From wasn't signed, the verifier SHOULD act as though the signature was
> not present.
1. How would the verifier be given a list? Via the BCP you cite, or something
else?
2. Is there only one list, or for example, might different styles of messaging
produce different sets of required (or expected) signatures?
> This is all local policy or BCP stuff though, not something the base
> specifications necessarily need to address.
3. Absent a BCP or the like, is there a problem with having -base be silent on
listing any required fields (other than From)?
The basis for this question is the concern that publishing -base without a
list would produce different signing choices and a confusion of how to interpret
those differences, or a failure to handle them differently.
d/
ps. Should we be worried at how few responses have shown up on this list?
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
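
The local-policy check described in the quoted reply (a list of headers which, if present, must be signed, otherwise the signature is treated as absent), as an added example that is not part of the original message. It assumes cryptographic verification is done elsewhere and passed in as `crypto_ok`; the `REQUIRED` list and all function names are hypothetical, and it goes one step beyond the text by also counting header instances, so a second `From` not covered by `h=` is caught.

```python
import re
from collections import Counter
from email import message_from_string

REQUIRED = ("From",)  # assumed local policy: headers that, if present, must be signed

def signed_header_counts(sig_value):
    """Count how many times each header name appears in the h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return Counter(n.lower() for n in tags.get("h", "").split(":") if n)

def policy_result(raw, crypto_ok, required=REQUIRED):
    """Return (result, uncovered): 'pass', 'fail', or 'none' (act as if unsigned)."""
    msg = message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return "none", []
    if not crypto_ok:
        return "fail", []
    covered = signed_header_counts(sig)
    # A header is uncovered when the message carries more instances than h= lists.
    uncovered = [h for h in required
                 if len(msg.get_all(h, [])) > covered[h.lower()]]
    return ("none" if uncovered else "pass"), uncovered

# Constructed sample message; bh= and b= are placeholders, not real values.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;\n"
       " h={h}; bh=PLACEHOLDER; b=PLACEHOLDER\n")

def sample(h, extra=""):
    return (SIG.format(h=h) + extra +
            "From: a@example.com\nTo: b@example.net\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    print(policy_result(sample("from:to:subject"), True))
    print(policy_result(sample("to:subject"), True))
    print(policy_result(sample("from:to", "From: other@example.org\n"), True))
```
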