On Wed 02/Apr/2025 18:01:40 +0200 John Levine wrote:
It appears that Murray S. Kucherawy <superu...@gmail.com> said:
Most (all?) non-trace headers are defined to occur only once, like From:
and Subject:
I think this could work also and agree it would shorten the list of header
fields that have to be oversigned.
No, this is a useless optimization that nobody cares about. Show the
community that cares. A community that actually matters.
We spent years with Doug Otis arguing about multiple From and Subject header fields and after
that advice of various sorts about when to oversign them.
If we could just say these headers only occur once, if you see two just give up, it makes
the process somewhat simpler and more importantly ends the argument about oversigning.
This argument overlaps with the idea of having those header fields silently
implied in the signature, with h= only mentioning possible extra fields.
Obviously, if they are implied they must be also implicitly oversigned. So it
is a matter of convention whether the requirement is expressed in the hash or
not. Which way provides for the cleaner code?
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
