Re: z= question with X headers

I agree. I highlighted the ambiguity for the issues list.

But I wanted to point out even without multiple signatures, what to do when
a header is missing or changed.

I believe what came out of the little discussions was that in the end, it
(z=) is totally useless information for verifiers. It is purely for signer
diagnostics.

I can see an implementator going the extra mile trying to find out "why" a
hashing failure.  It might do a header comparison if it is listed in z=.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



----- Original Message -----
From: "Tony Hansen" <tony@xxxxxxx>
To: <ietf-dkim@xxxxxxxxxxxx>
Sent: Friday, April 28, 2006 4:55 PM
Subject: Re: [ietf-dkim] z= question with X headers


> The pseudo code ignores the case where multiple existences of a header
> field name may exist in either/both of the h= and z= values.
>
> Tony
>
> Hector Santos wrote:
> > ----- Original Message -----
> > From: "Eric Allman" <eric+dkim@xxxxxxxxxxxx>
> > To: <arvel.hathcock@xxxxxxxx>
> > Cc: <ietf-dkim@xxxxxxxxxxxx>
> > Sent: Friday, April 28, 2006 3:34 PM
> > Subject: Re: [ietf-dkim] z= question with X headers
> >
> >
> >>> Perhaps:
> >>>
> >>> "A vertical-bar-separated list of select header field names and
> >>> copies of header field values that identify the header fields
> >>> present when the message was signed.  It is not required to include
> >>> all header field names and values."
> >> I've added essentially this wording.  Sorry for the confusion; it was
> >> definitely ambiguous.
> >
> > Thanks.  This was one of the issues I had brought in the issues list.
> >
> > I think what is may be important is what to do when a header is
different
> > from a possible copy in the z= list.
> >
> > I.e., for a mailing server that may alter the subject line to add the
> > [mailinglist_name] subject tag.
> >
> > Example:  This might be the correction.
> >
> >     // Hash Headers
> >
> >     hash = empty;
> >     for each hdr in (dkim_h_list) do
> >
> >       s  = mail_headers[hdr];
> >       sz = dkim_z_list[hdr];  // see is copy is available
> >
> >       if (s != sz) {
> >          WHAT? INVALID?  Should they be the same?
> >          What can cause this? Mailing list?
> >       }
> >
> >       if (s == "") s = sz;  // correction
> >
> >       if (s != "")
> >          hash += hash_string(s)
> >       else
> >          WHAT? INVALID?
> >
> >     end for
> >
> > Make sense?
> >
> > ---
> > Hector
> >
> >
> >
> > _______________________________________________
> > NOTE WELL: This list operates according to
> > http://mipassoc.org/dkim/ietf-list-rules.html
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
>