------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1310
--- Comment #5 from Tony Meyer <tony@???> 2012-10-16 20:32:52 ---
Phil: section 5.4 of the RFC (4871) does a pretty good job of explaining why
you'd want to sign headers that aren't in the message. In particular:
INFORMATIVE RATIONALE: This allows signers to explicitly assert
the absence of a header field; if that header field is added later
the signature will fail.
INFORMATIVE NOTE: A header field name need only be listed once
more than the actual number of that header field in a message at
the time of signing in order to prevent any further additions.
For example, if there is a single Comments header field at the
time of signing, listing Comments twice in the "h=" tag is
sufficient to prevent any number of Comments header fields from
being appended; it is not necessary (but is legal) to list
Comments three or more times in the "h=" tag.
(Documentation) bug 1309 also has some comments from Exim users that explain it
as well.
--
Configure bugmail:
http://bugs.exim.org/userprefs.cgi?tab=email
