[ietf-dkim] chained signatures, was l= summary
chl at clerew.man.ac.uk
Mon Jun 8 03:24:20 PDT 2009
On Fri, 05 Jun 2009 18:27:06 +0100, Doug Otis <doug.mtview at gmail.com>
> On Jun 5, 2009, at 6:36 AM, Charles Lindsey wrote:
>> No, that is NOT what section 1.6 of RFC 5451 says. It requires
>> removal of any pre-existing A-R header "claiming to be valid with in
>> its [the ADMD's] boundaries", which essentially means (AIUI) any A-R
>> header that might be mistaken for one that might/would/should have
>> been created within that same ADMD.
> By selecting specific A-R headers to remove, header content might be
> processed post delivery, and then appear to match against some trusted
For sure, individual recipients may wish to check signatures etc. for
themselves, espeicially if they have doubts about the policies applied by
their local assessors. If the local assessor has unnecessarily removed
sone A-R that is actually covered by the signature, then that becomes
And if they have doubts about the policies of sone earlier mailing list
expander, they might wish to see exactly what that expander had actually
done to the message. For such forensic investigations, removing useful
information (aka "dumbing down") is always a dumb thing.
> The safest solution would be to remove _all_ A-R pre-existing A-R
> headers from different environments ...
But that's not what the standard says.
>> Note that Appendix B.6 of RFC 5451 contains an example exactly
>> equivalent to the one I have just given, including the retention of
>> A_1 (and even S_1).
> IMHO, appendix B.6 is overly optimistic for today's environment.
Maybe so, but that document is a proposed standard, and unless you have
plans to get it revised, we must try and work with it as it stands.
Nothing in that example is contrary to what that standard says normatively.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim