On Sat, Apr 5, 2025, at 12:58, John R Levine wrote:
> On Sat, 5 Apr 2025, Alessandro Vesely wrote:
> >> If we could just say these headers only occur once, if you see two just 
> >> give up, it makes the process somewhat simpler and more importantly ends 
> >> the argument about oversigning.
> >
> > This argument overlaps with the idea of having those header fields silently 
> > implied in the signature, with h= only mentioning possible extra fields.
> 
> That makes no sense.  Which headers we sign and how many instances of them 
> we sign are completely orthogonal.
> 
> On the other hand, I was looking at the modification algebra document.  It 
> implicitly assumes that the headers that are being modified occur only 
> once.  
> 

False.  Maybe it's not clear enough, but that is not the intent.  

2.  Delta format - headers

   For headers, the format is to completely replace all headers with a
   particular name.  [...]

I welcome other wording which makes it clear that any mention of a header is 
"this new list of headers replaces all the headers with the same name".

If you had a message with

X-Foo: one
X-Foo: two

and you wanted to replace them in a new message with three and four

Then your new message would say

DKIM2-Delta-Header: i=2; t=X-Foo:one:two
X-Foo: three
X-Foo: four

I do see that I didn't give an example of replacing multiple previous headers.

> 
> As part of our strawman, let's assume both that there's a set of 
> headers that can only occur once, you can't sign a message or verify a 
> signature if any of them occur more than once, and they're the only ones 
> that can be modified.
> 
> If people say this won't work, I would appreciate plausible examples of 
> something a signer would want to do but couldn't with emphasis on 
> plausible.

No, we should have a way to replace multiple instances of a header.  I intended 
there to be one, and will update the text with examples once we've maybe 
bikeshedded the exact syntax a bit.

Bron.


--
  Bron Gondwana, CEO, Fastmail Pty Ltd
  br...@fastmailteam.com
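
The replace-all-instances rule from the message above, as an added Python example that is not part of the original post or of any DKIM2 draft. It assumes the tag syntax of the single `DKIM2-Delta-Header` example in the post (which the post says is still open to change) and that values contain no ":" or ";"; the function names and the extra `Subject` header are hypothetical.

```python
DELTA = "dkim2-delta-header"

def parse_delta(value):
    """Split 'i=2; t=X-Foo:one:two' into (2, 'X-Foo', ['one', 'two'])."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        key, sep, val = part.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key] = val
    # Assumed layout of t=: header name first, then each previous value.
    name, *old_values = tags["t"].split(":")
    return int(tags["i"]), name, old_values

def revert_headers(headers):
    """Undo every delta in `headers`, a list of (name, value) pairs.

    All current instances of the named header are dropped, however many
    there are, and the recorded previous instances take their place.
    The i= tag is parsed but not interpreted here.
    """
    result = [h for h in headers if h[0].lower() != DELTA]
    for _, value in (h for h in headers if h[0].lower() == DELTA):
        _, name, old_values = parse_delta(value)
        key = name.lower()
        positions = [i for i, h in enumerate(result) if h[0].lower() == key]
        # Restore at the first current instance, or append if none exist.
        insert_at = positions[0] if positions else len(result)
        result = [h for h in result if h[0].lower() != key]
        result[insert_at:insert_at] = [(name, v) for v in old_values]
    return result

# Constructed sample: the message from the post plus an unrelated header.
NEW_MESSAGE = [
    ("Subject", "hello"),
    ("DKIM2-Delta-Header", "i=2; t=X-Foo:one:two"),
    ("X-Foo", "three"),
    ("X-Foo", "four"),
]

if __name__ == "__main__":
    for name, value in revert_headers(NEW_MESSAGE):
        print(f"{name}: {value}")
```

The number of current instances and the number of restored instances are independent, so the same code handles two-for-two, one-for-three, or a header that is no longer present at all.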

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org