Issue
"h" field of Yahoo! DKIM signature:
h=From:Subject:Date:To:From:Subject;
Is there any actual benefit to repeating headers in a DKIM signature?
Solution
Short Answer
It's a method used to stop additional headers of the given type from being added afterwards; otherwise those headers could be injected and appear repeatedly without breaking DKIM.
Longer Answer
The message signer can choose which headers (and whether the body) are covered by the DKIM hash. Only the From header is mandatory; the others are optional, so the "h" field of the DKIM signature conveys to the receiving server which headers should be considered when validating the message against the hash.
According to RFC 6376: Signers choosing to sign an existing header field that occurs more than once in the message, such as the Received headers, MUST sign the physically last instance of that header field in the header block. Signers wishing to sign multiple instances of such a header field MUST include the header field name multiple times in the "h" field.
A signer MAY include more instances of a header field name in the "h" field than there are actual corresponding header fields to indicate that additional header fields of that name SHOULD NOT be added. This is achieved by encoding the missing header values as null, which wouldn't match the value in the reverse process if an illegal insertion had subsequently been made.
In any case, DKIM will have generated its hashes against the repeated terms, so DKIM verification would need to do the same, maintaining that order.
Answered By - Gavin Jackson Answer Checked By - Candace Johnson (PHPFixing Volunteer)
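The header-selection rule the answer quotes from RFC 6376 (last instance first, then earlier instances, then an empty value for every name listed beyond the instances actually present) can be shown in a few lines. The following is an added example written for this page; it is not code from the answer, from Yahoo!, or from any DKIM library. It uses constructed sample headers, a simplified relaxed canonicalization, and a plain SHA-256 over the covered headers instead of a real signature with a domain key, which is enough to show whether a header prepended after signing changes the covered data for a plain h= list versus the over-signed Yahoo!-style list.

```python
import hashlib

# Constructed sample message headers, top to bottom as they appear in the
# message. Not taken from a real Yahoo! message.
ORIGINAL_HEADERS = [
    ("From", "alice@example.com"),
    ("Subject", "Quarterly report"),
    ("Date", "Mon, 01 Jan 2024 10:00:00 +0000"),
    ("To", "bob@example.net"),
]

H_PLAIN = "From:Subject:Date:To"                     # no over-signing
H_OVERSIGNED = "From:Subject:Date:To:From:Subject"   # the form seen in the Yahoo! signature


def relaxed_canon(name, value):
    """Simplified relaxed header canonicalization (RFC 6376 section 3.4.2):
    lowercase the field name, collapse whitespace runs in the value to one
    space and strip it, then emit name ':' value CRLF."""
    return name.lower() + ":" + " ".join(value.split()) + "\r\n"


def select_signed_headers(headers, h_field):
    """Pick the header instances covered by the h= tag per RFC 6376 section
    5.4.2: each name in h= consumes the physically last not-yet-used instance
    of that header, and a name listed more times than instances present
    contributes an empty value (the 'null' over-signing entry).
    Returns (name, value) pairs in hashing order."""
    remaining = {}
    for name, value in headers:
        remaining.setdefault(name.lower(), []).append(value)
    selected = []
    for name in h_field.split(":"):
        name = name.strip()
        instances = remaining.get(name.lower(), [])
        if instances:
            selected.append((name, instances.pop()))  # bottom-most unused instance
        else:
            selected.append((name, ""))               # over-signed: nothing left to cover
    return selected


def header_hash(headers, h_field):
    """SHA-256 over the canonicalized covered headers. Real DKIM also appends
    the DKIM-Signature header with an empty b= tag and signs the digest with
    the domain key; both are omitted here because the demonstration only
    needs to show whether the covered header data changes."""
    digest = hashlib.sha256()
    for name, value in select_signed_headers(headers, h_field):
        digest.update(relaxed_canon(name, value).encode("utf-8"))
    return digest.hexdigest()


def survives_header_insertion(h_field, injected):
    """True if the covered header data is unchanged after `injected` is
    prepended to the already-signed message, i.e. verification of the
    original signature would not notice the added header."""
    original = header_hash(ORIGINAL_HEADERS, h_field)
    modified = header_hash([injected] + ORIGINAL_HEADERS, h_field)
    return original == modified


if __name__ == "__main__":
    added_from = ("From", "ceo@example.com")  # constructed second From header
    for name, value in select_signed_headers(ORIGINAL_HEADERS, H_OVERSIGNED):
        print(f"{name}: {value!r}")
    print("plain h= unaffected by a second From:", survives_header_insertion(H_PLAIN, added_from))
    print("over-signed h= unaffected by a second From:", survives_header_insertion(H_OVERSIGNED, added_from))
```

With the plain list, a second From header prepended after signing never reaches the hash, because the single From entry still resolves to the original bottom-most instance, so the signature keeps verifying. With the over-signed list, the second From entry that was hashed as an empty value now resolves to the new header, the covered data differs, and verification fails, which is exactly the protection the answer describes. Headers not listed in h= at all (X-Mailer, for example) remain unprotected either way.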