[arc-discuss] arc-message-signature and implicit headers

Kurt Andersen kurta at drkurt.com
Mon Nov 23 17:05:00 PST 2015


I'd be in favor always including the implicit header(s) and using the
explicit order framework. Unless there are objections, I'll include these
changes in the revision I'm working on along with the pseudocode that
Brandon proposed.

--Kurt

On Mon, Nov 23, 2015 at 3:41 PM, Brandon Long via arc-discuss <
arc-discuss at dmarc.org> wrote:

> In the current spec, certain headers are considered implicitly included in
> the AMS, such as the message-id and subject.
>
> When signing/verifying those headers, where should they be included?
>
> I can think of two possibilities:
>
> Explicitly start with them in the order they're in the spec.
>
> Ie, the header signature would be:
>
> For each header name in implicit list:
>    For each instance of the header from the bottom of the headers up:
>      SignUpdate(canonical header)
> For each header from the bottom of the headers up:
>   If header is not implicit:
>     SignUpdate(canonical header)
>
>
> Or, just include them in the order they're in the header:
>
> For each header from the bottom of the headers up:
>   If header is not implicit:
>     add to h= list
>   SignUpdate(canonical header)
>
> With header reordering, I think we would need the explicit order.  That's
> the equivalent of saying the transformation of the ARC h= to DKIM h= is:
>
> dkim_h =
> message-id*(:message-id):date*(:date):from*(:from):to*(:to):subject*(:subject):arc_h
>
> That implies that we always include the implicit header, even if there
> isn't one, picking up the DKIM meaning of "preventing" adding the header.
> We could make each optional, instead, which then wouldn't break the AMS if
> they were added.  Making them optional would allow addition of those
> headers by non-participating hops to not break the chain, but that doesn't
> seem like a benefit to me.
>
> Brandon
>
> _______________________________________________
> arc-discuss mailing list
> arc-discuss at dmarc.org
> http://lists.dmarc.org/mailman/listinfo/arc-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dmarc.org/pipermail/arc-discuss/attachments/20151123/0fbf4912/attachment.html>


More information about the arc-discuss mailing list