https://bugs.exim.org/show_bug.cgi?id=1310
Jeremy Harris <jgh146exb@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|-- |Exim 4.88+
--- Comment #8 from Jeremy Harris <jgh146exb@???> ---
Not quite, as I read it. We'll need to edit the to-be-signed list of headers
as
new headers are noticed, for each match a) adding to the signed block (and h=)
and b) knocking that header out of the list. Then when we run out of message,
add (once) to h= any remaining in the list.
This gets us
- only headers in the list are signed
- headers can be listed in duplicate
- non-present, but listed, headers are "signed" as absent
I'm not seeing that we need any further options. The current coding produces
a signed message which is self-consistent (signing vs. h= declaration of
signing) but is not a full implementation (does not support oversigning; indeed
misses doing it in a great preponderance of cases - non-mailinglist messages).
The proposed solution will still be self-consistent (so verifiers should still
verify) but will have that support.
I don't think the extra use-case noted in #c2 is worth supporting.
We might think about the other direction: always oversigning (all? some
specified
list of?) headers, however many there are of a given one. But probably that's
not this bug number.
--
You are receiving this mail because:
You are on the CC list for the bug.
