[ietf-dkim] Alternative text for semantics of multiple signatures
Stephen Farrell
stephen.farrell at cs.tcd.ie
Tue Apr 4 15:28:21 PDT 2006
Paul Hoffman wrote:
> At 10:59 PM +0100 4/4/06, Stephen Farrell wrote:
>> If no-one wants to insist on signatures having to be sequential,
>> then this could be fairly easy!
>
> Signatures have to be sequential if you sign them, given our current
> rules for signing and verifying h=.
Then I'm confused. Someone want to help me out?
I was under the impression our latest proposal was that you didn't
have to, but could choose to, include (other) DKIM-Signature fields
in h= and that if you do so choose (i.e. you want sequential sigs)
that's fine, the verifier will do the right thing (if there's no
re-ordering), so inside h= DKIM-Signature is handled just like
Received. OTOH if you just want parallel sigs, you simply omit
DKIM-Signature from the h= and only bytes from this DKIM-Signature
will be input to hashing.
> The question is whether or not we
> care about the cases where multiple signed headers get reordered, thus
> breaking the signature.
Haven't heard much if any demand.
S.
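
The sequential and parallel cases described in the message above, as an added example that is not part of the original message. It assumes the bottom-up selection rule for repeated fields (the one used for Received, as later published in RFC 6376), skips real canonicalization, and uses constructed headers and domains.

```python
import hashlib
import re

def signed_fields(headers, sig_idx):
    """Return the header fields hashed for the DKIM-Signature at sig_idx.

    headers is a list of (name, value) pairs, top of the message first.
    """
    sig_value = headers[sig_idx][1]
    h_tag = re.search(r"\bh=([^;]*)", sig_value).group(1)
    wanted = [n.strip().lower() for n in h_tag.split(":")]

    used = {sig_idx}  # the signature being verified is never picked via h=
    picked = []
    for name in wanted:
        # Bottom-up: take the lowest instance of this name not yet consumed.
        for i in range(len(headers) - 1, -1, -1):
            if i not in used and headers[i][0].lower() == name:
                used.add(i)
                picked.append(headers[i])
                break
    # The signature's own field always goes in last, with b= emptied.
    own = re.sub(r"\bb=[^;]*", "b=", sig_value)
    picked.append((headers[sig_idx][0], own))
    return picked

def digest(headers, sig_idx):
    """Hash the selected fields (simplified: no DKIM canonicalization)."""
    fields = signed_fields(headers, sig_idx)
    data = "".join(f"{n.lower()}:{v.strip()}\r\n" for n, v in fields)
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed sample message: A and B are parallel, C is sequential.
SIG_A = ("DKIM-Signature", "v=1; d=a.example; h=from:subject; b=AAAA")
SIG_B = ("DKIM-Signature", "v=1; d=b.example; h=from:subject; b=BBBB")
SIG_C = ("DKIM-Signature",
         "v=1; d=c.example; h=from:subject:dkim-signature; b=CCCC")
FROM = ("From", "alice@a.example")
SUBJECT = ("Subject", "hello")

ORIGINAL = [SIG_C, SIG_B, SIG_A, FROM, SUBJECT]
REORDERED = [SIG_C, SIG_A, SIG_B, FROM, SUBJECT]  # A and B swapped in transit

if __name__ == "__main__":
    print("B unaffected:", digest(ORIGINAL, 1) == digest(REORDERED, 2))
    print("C unaffected:", digest(ORIGINAL, 0) == digest(REORDERED, 0))
```

Signature B omits DKIM-Signature from h=, so its hash input is the same wherever the other signatures sit; signature C lists it, so swapping A and B changes which field it covers and its hash no longer matches.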