[ietf-dkim] Interesting Dupe Signatures
John R. Levine
johnl at iecc.com
Mon Nov 2 10:15:20 PST 2009
>> DKIM-Signature: .... c=relaxed/relaxed; // dupe
>> DKIM-Signature: .... c=relaxed/relaxed; // dupe
>> DKIM-Signature: .... c=relaxed/relaxed; // dupe
>> DKIM-Signature: .... c=simple/relaxed; // other signer
>> DKIM-Signature: .... c=relaxed/relaxed; // other signer
>
> You need two header and one body canonicalizations in that example. And that presumes there's no "l=", which creates another dimension in the matrix of canonicalizations you need to run.

I don't see much benefit for saving the header hash, since it depends on
the order that the headers are listed in the h= header.

On the other hand, doing both the simple and relaxed body hashes in a pass
over the body would handle about 99.999% of the signatures that anyone
cares about. I haven't seen many l= signatures, other than from Cisco,
and I don't think I've seen any where the l= didn't cover the whole
message.

R's,
John
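
The following is an added example, not part of the original message or of any DKIM implementation discussed on the list: one way a verifier could compute the simple and relaxed body hashes in a single pass over the body, following the canonicalization rules of RFC 6376 sections 3.4.3 and 3.4.4. The names `BodyCanon` and `body_hashes` are hypothetical, and the code assumes SHA-256, CRLF line endings, and no `l=` limit.

```python
import base64
import hashlib
import io
import re

CRLF = b"\r\n"
WSP_RUN = re.compile(rb"[ \t]+")

class BodyCanon:
    """One body canonicalization (RFC 6376 3.4.3 / 3.4.4) feeding one hash."""

    def __init__(self, relaxed):
        self.relaxed = relaxed
        self.hash = hashlib.sha256()   # assumption: a=rsa-sha256
        self.held_empty = 0            # empty lines not yet known to be trailing
        self.wrote = False

    def feed(self, line):
        """line is one body line with its CRLF already removed."""
        if self.relaxed:
            # collapse WSP runs to one SP, then drop WSP at end of line
            line = WSP_RUN.sub(b" ", line).rstrip(b" ")
        if not line:
            self.held_empty += 1       # may turn out to be trailing: hold it back
            return
        self.hash.update(CRLF * self.held_empty + line + CRLF)
        self.held_empty = 0
        self.wrote = True

    def bh(self):
        h = self.hash.copy()
        if not self.wrote and not self.relaxed:
            h.update(CRLF)             # simple: an empty body hashes as one CRLF
        return base64.b64encode(h.digest()).decode("ascii")

def body_hashes(lines):
    """Read the body once; return the bh= value for both canonicalizations."""
    canons = {"simple": BodyCanon(False), "relaxed": BodyCanon(True)}
    for raw in lines:                  # assumption: CRLF line endings, no l= limit
        line = raw[:-2] if raw.endswith(CRLF) else raw
        for canon in canons.values():
            canon.feed(line)
    return {name: canon.bh() for name, canon in canons.items()}

if __name__ == "__main__":
    sample = b" C \r\nD \t E\r\n\r\n\r\n"   # constructed sample body
    print(body_hashes(io.BytesIO(sample)))
```

Each `bh=` value in the message's signatures can then be compared against the entry matching the body half of its `c=` tag, so duplicate signatures cost no additional passes over the body.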