[ietf-dkim] Base issue: multiple linked signatures
Arvel Hathcock
arvel.hathcock at altn.com
Thu Jan 4 08:39:11 PST 2007
> As a result of this thread, the WG consensus on the "MUST NOT" for
> "z=" might have changed. In order to see if that's the case, we need
> someone to suggest alternate text.
IMO, we need some text that (a) makes it clear that a signature
verification which conforms to this standard must not be based upon the
z= and (b) which does not give the sense that verifiers may not use the
z= values at all!
I believe the current text is meant to do (a) but the "checking the
signatures in any way" language implies (b).
Verifiers MUST NOT use the header field names or copied values
for checking the signature in any way. Copied header field
values are for diagnostic use only.
To my way of thinking the language in DKIM-01 was better:
Verifiers MUST NOT use the copied header field values for
verification should they be present in the h= field. Copied
header field values are for forensic use only.
Perhaps an alternative might be:
Note: Signature verification is determined using the content of
the headers identified by the h= tag. Copied headers and header
field values presented by the z= tag are not intended to be used
for signature verification. Any signature verification which
requires the use of the z= tag content does not conform to this
standard.
Just an idea. I'm sure there are problems with it.
--
Arvel
More information about the ietf-dkim
mailing list