Re: Difference between AlwaysSignHeaders and OversignHeaders

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 18 Jun 2012 21:25:03 -0700 (PDT)

On Tue, 19 Jun 2012, lutz.niederer_at_gmx.net wrote:
> could someone please describe the difference between AlwaysSignHeaders
> and OversignHeaders? I read the man page but it is still absolutely
> unclear to me.

They're very similar. They evolved at very different times. It's likely
that they could be merged.

If you list a header field name in AlwaysSignHeaders, then you're
guaranteed your name will appear at least once in the "h=" tag. If the
field was present, then it has no effect; if the field was absent, then it
will appear in "h=" once anyway to ensure that it can't be added
downstream without invalidating the signature.

If you list a header field name in OversignHeaders, then you're guaranteed
that for "n" times your header field appeared in the original message, it
will be listed "n+1" times in the "h=" tag, guaranteeing it can't be added
downstream.

AlwaysSignHeaders does not prevent the addition of a second instance of a
header field that was present in the original.

> If I want to prevent someone adding a non-existent and deleting or
> modifying an existing header, where should that be put into?

You can't delete or modify an existing header field if it was signed,
regardless of these settings. The extra names in "h=" that these create
prevent addition of extra instances of the header field.

Does that clear it up?

We probably should look at merging AlwaysSignHeaders and OversignHeaders
into a single setting once OversignHeaders is no longer an FFR.

-MSK
Received on Tue Jun 19 2012 - 04:25:21 PST
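
The counting rules described in the message above, as an added example that is not part of the original post and not the signing filter's own code. The function names and the sample message are constructed for illustration, and the sketch assumes every present instance of a listed field is signed; it models only how many times a name lands in "h=", not the hashing or signing.

```python
from collections import Counter

def build_h_tag(message_fields, signed, always_sign=(), oversign=()):
    """Return the header names a signer would list in "h=", lowercased.

    Models only the counting rules from the message above; no hashing or
    signing is done. Assumption: every present instance of a listed name
    is signed.
    """
    present = Counter(name.lower() for name in message_fields)
    always = {name.lower() for name in always_sign}
    over = {name.lower() for name in oversign}
    names = {name.lower() for name in signed} | always | over
    h = []
    for name in sorted(names):
        count = present[name]
        if name in always:
            count = max(count, 1)        # at least once, even if absent
        if name in over:
            count = present[name] + 1    # n occurrences -> n+1 entries
        h.extend([name] * count)
    return h

def added_instance_detected(h, message_fields, name):
    """True if adding one more `name` field downstream invalidates the signature.

    That holds only when "h=" lists the name more times than it occurred
    in the signed message, so the extra slot was signed as empty.
    """
    present = Counter(n.lower() for n in message_fields)
    return h.count(name.lower()) > present[name.lower()]

# Constructed sample: a message with one Subject and no Reply-To.
MESSAGE = ["From", "To", "Subject", "Date"]
SIGNED = ["From", "To", "Subject", "Date"]
LISTED = ["Subject", "Reply-To"]

H_ALWAYS = build_h_tag(MESSAGE, SIGNED, always_sign=LISTED)
H_OVER = build_h_tag(MESSAGE, SIGNED, oversign=LISTED)

if __name__ == "__main__":
    for label, h in (("AlwaysSignHeaders", H_ALWAYS), ("OversignHeaders", H_OVER)):
        print(label, "h=" + ":".join(h))
        for name in LISTED:
            print("  extra", name, "detected:", added_instance_detected(h, MESSAGE, name))
```

With this sample, both settings cover an added Reply-To, but only the OversignHeaders list covers a second Subject.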
