[ietf-dkim] z= question with X headers
mike at mtcc.com
Fri Apr 28 13:38:08 PDT 2006
> On Fri, 28 Apr 2006, Eric Allman wrote:
>> The z= tag is only supposed to be used for "diagnostic purposes", not
>> for computing the hash. Changing that would have major implications
>> that we would have to examine very carefully.
> So if mail list changed Subject header field (and for purposes of this
> question did not add other fields or changed content data) and there was
> a signature in message before that contained original Subject in the 'z'
> tag AND now message got to verifying agent - that agent is supposed
> to say the signature is invalid rather than use data from 'z' tag to
> attempt to verify the signature?
Yes, but let me explain. As far as the spec is concerned, there is a
to verify a signature, and that does not involve anything with z=. We
to be true lest we infinitely devolve into arguments about what
good, evil, etc. The current spec is algorithmic, and that's a Good Thing.
That said, dkim-base does not specify any output other than the internal
of the verifier after the operation is complete, and this can be used
purpose the verifier thinks is useful. Nor does -dkim-base say that you
try to figure out what went wrong; this is the receiver's prerogative, and we aren't
the net.police. If you were to try to do that and make a different decision in your
receiver based upon that, that's your prerogative, but it's completely
scope of the -dkim-base document. In other words, you're on your own.
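The split discussed in this thread, shown as an added example that is not part of the original message or of any DKIM implementation: the verdict comes only from the cryptographic check, and z= is read afterwards to explain a failure. It assumes the z= syntax later published in RFC 6376 section 3.5 (vertical-bar-separated fields, dkim-quoted-printable); `crypto_ok`, the function names and the sample values are hypothetical.

```python
import re

def dkim_qp_decode(s):
    """dkim-quoted-printable: ignore folding whitespace, then decode =XX pairs."""
    s = re.sub(r"\s+", "", s)
    return re.sub(r"=([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def copied_headers(sig_value):
    """Return {lowercased field name: value} from z=, or {} if z= is absent."""
    out = {}
    for item in parse_tags(sig_value).get("z", "").split("|"):
        if ":" in item:
            name, value = item.split(":", 1)
            out[dkim_qp_decode(name).lower()] = dkim_qp_decode(value)
    return out

def diagnose(sig_value, received_headers, crypto_ok):
    """crypto_ok (assumed to come from the real verifier) alone sets the result.
    z= never feeds the hash; it only names fields that differ after a failure."""
    report = {"result": "pass" if crypto_ok else "fail", "changed": []}
    if not crypto_ok:
        now = {k.lower(): v for k, v in received_headers.items()}
        for name, signed_value in copied_headers(sig_value).items():
            if now.get(name, "").strip() != signed_value.strip():
                report["changed"].append(name)
    return report

# Constructed sample: a list has prefixed the Subject after signing.
SIG = ("v=1; a=rsa-sha256; d=example.net; s=sel; h=from:to:subject; "
       "z=From:alice@example.net|To:list@example.org|"
       "Subject:Quarterly=20report; bh=PLACEHOLDER; b=PLACEHOLDER")
RECEIVED = {"From": "alice@example.net", "To": "list@example.org",
            "Subject": "[list] Quarterly report"}

if __name__ == "__main__":
    print(diagnose(SIG, RECEIVED, crypto_ok=False))
```

What a receiver does with the `changed` list is local policy; the `result` field is unaffected by it.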