Author: derti Date: To: Tom Kistner CC: Exim-Users \(E-mail\), Paul Dekkers Subject: Re: [exim] domainkeys experiment and c=simple always bad
Tom Kistner wrote:
> Paul Dekkers wrote:
>
>> Is the h= tag a responsibility of this library as well? I noticed
>> that it is not in my signature (but libdomainkey's test-tools have an
>> option to include it or not, so maybe it is in the library); sounds
>> like this tag makes the thing less fragile, maybe, and is therefore
>> worth having?
>
>
> When I implemented DK in Exim the h= signing support of the lib was
> ... rather unfinished. The code already has a dk_headers option, but
> it does not work yet. On my todo list. Checking messages signed using
> h= should work tho.
>
> /tom
> 0.65 (or current CVS) fixed the whole dk_headers handling, I think I
mentioned it in the changelog. Actually, in the 0.64 code the h=
handling was broken when verifying if there were duplicate header labels
(ie: Recieved:) but were not all in order (ie: Recieved: Sender:
Recieved:) . 0.64 re-orders the headers so they are in order (ie:
Recieved: Recieved: Sender:)then generated the sig to compare which was
incorrect. Using the new dk_rdupe() function when signing will get
around this problem for servers that use the older code. If you use
dk_rdupe you MUST remember to also add the h= tag.
