Barry Warsaw wrote:
On Oct 30, 2011, at 08:04 PM, Patrick Ben Koetter wrote:
X-Message-ID-Hash propose an RFC as an extension of RFC 5064 Modify to: unclear Next Step: Discuss
As an RFC, obviously we'd drop the X- prefix, but also "Hash" might be too vague. Personally I think Message-ID-Hash is fine and the theoretical RFC shouldn't allow much leeway in implementations (i.e. only one hash algorithm is allowed). This will probably be bikeshedded to death. Still, since Message-ID must be unique (and generally is, as backed up by The Mail Archive's data), I think base-32 of SHA-1 will in practice be just fine.
I love painting bikesheds... or rather offering paint color/colour suggestions to painters doing the work ;-)
If a header is going to contain data that is generated from non-trivial processing I think it would be good form to include the algorithm name in the header.
The DKIM-Signature (RFC 4871, and was included in the email I'm replying to) itself includes the name, example extract:
DKIM-Signature: a=rsa-sha256; .........
DKIM is using a secure hash which is arguable more processing than a simple digest hash but the same principle of self documenting seems reasonable.
Admittedly there will be a need in the future for new secure algorithms to be deployed for DKIM, it is less certain if there is a need to ever change the algorithm used for X-Message-ID-Hash. Is there a clear advantage limiting the algorithm used?
Chris