Re: Difference between AlwaysSignHeaders and OversignHeaders

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Tue, 19 Jun 2012 15:19:11 -0700 (PDT)

On Wed, 20 Jun 2012, lutz.niederer_at_gmx.net wrote:
> I will try to repeat what I understood with my own words. (I believe
> that this discussion might be helpful for others, too.)
> [...]

Your repeated version sounds right to me.

> Means, in my case where I would like to make sure nobody modifies the
> header or adds the header if it does exist or if it does not exist I
> should use OSH and not ASH because with ASH someone could easily add
> that header a second time, what would be prohibited when using OSH.

Right.

> And the Debian default of "OversignHeaders From" makes sure that no more
> of the From headers that I put into the message are added (normally one
> From, but two would be ok, too (if I put them in)).

Yes, except that a multi-From message is syntactically invalid. With
certain library flags on, it will refuse to sign such a message. But
that's a different discussion.

> Do I still need to use ASH for my X-Scan-Info or can I omit that for OSH
> to work correctly? I believe I can omit the ASH?

ASH is unnecessary if you're using OSH. I've opened a bug to clean up the
redundancy, which will probably happen in 2.7.0.

-MSK
Received on Tue Jun 19 2012 - 22:19:33 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:40 PST