[ietf-dkim] Not exactly not a threat analysis
earl at earlhood.com
Wed Aug 17 12:17:17 PDT 2005
On August 17, 2005 at 19:29, Tony Finch wrote:
> > How do you look for the first signature that matters? If the first
> > (however you decide to examine the message headers -- top-to-bottom,
> > bottom-to-top, random?) DKIM-Signature lists another DKIM-Signature
> > as the list of fields included in the signature, which DKIM-Signature
> > field should be included during the crypto verification process?
> The DKIM-Signature field which lists one fewer DKIM-Signature field in its
> list of signed header fields.
This assumes that a signer will always sign all existing DKIM-Signature
fields present and that re-ordering has not happened.
More information about the ietf-dkim