Difference between AlwaysSignHeaders and OversignHeaders

From: <lutz.niederer_at_gmx.net>
Date: Tue, 19 Jun 2012 03:15:25 +0200


Could someone please describe the difference between AlwaysSignHeaders and OversignHeaders? I read the man page but it is still absolutely unclear to me.

Specifies a set of header fields that should be included in all signature header lists (the "h=" tag) even if they were present at the time the signature was generated. The set is empty by default. The purpose of listing an absent header field is to prevent its addition between the signer and the verifier, since the verifier would include that header field if it were added when performing verification, which would mean the signed message and the verified message were different and the verification would fail. Unlike AlwaysSignHeaders, the names in this data set are always added to signatures even if they did appear in the original header field set.

Should be included in h= lists if they were present? I thought this would be the normal case.
Listing an absent header to prevent...? I thought we were talking about headers that were present?
Unlike AlwaysSignHeaders...always added even if they did appear...?

I don't understand this.

Debian sets OversignHeaders as "From".

If I want to prevent someone adding a non-existent header and deleting or modifying an existing one, where should that be put?


Received on Tue Jun 19 2012 - 01:15:39 PST
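
An added example, not part of the original message and not OpenDKIM code: a small Python model of the h= behaviour the quoted man page text describes, combined with the RFC 6376 header selection rule, showing which in-transit changes break verification under each setting. The function names, the sample message and the set of signed headers are assumptions made for the illustration.

```python
from collections import Counter

def build_h_list(headers, sign, always_sign=(), oversign=()):
    """Names the signer lists in h=, per the quoted man page text (a model)."""
    present = Counter(name.lower() for name, _ in headers)
    always = {n.lower() for n in always_sign}
    over = {n.lower() for n in oversign}
    h, seen = [], set()
    for name in (n.lower() for n in (*sign, *always_sign, *oversign)):
        if name in seen:
            continue
        seen.add(name)
        count = present[name]              # one entry per signed instance
        if name in over:
            count += 1                     # always one entry more than present
        elif name in always and count == 0:
            count = 1                      # listed only because it is absent
        h += [name] * count
    return h

def select_fields(h_list, headers):
    """RFC 6376 5.4.2: each h= entry consumes the bottom-most unused
    instance of that field; an entry with no instance left hashes as empty."""
    stacks = {}
    for name, value in headers:            # headers are ordered top to bottom
        stacks.setdefault(name.lower(), []).append(value)
    return [(n, stacks[n].pop() if stacks.get(n) else None) for n in h_list]

def still_verifies(h_list, signed, received):
    """True when the verifier hashes the same header fields the signer did."""
    return select_fields(h_list, signed) == select_fields(h_list, received)

# Constructed sample message and two in-transit modifications.
SIGNED = [("From", "alice@example.org"), ("Subject", "Hi")]
EXTRA_FROM = [("From", "mallory@example.net")] + SIGNED
ADDED_REPLY_TO = SIGNED + [("Reply-To", "mallory@example.net")]
SIGN = ["From", "Subject", "Reply-To"]     # assumed set of headers to sign

if __name__ == "__main__":
    for label, kw in [("neither", {}), ("AlwaysSignHeaders From,Reply-To",
                      {"always_sign": ["From", "Reply-To"]}),
                      ("OversignHeaders From,Reply-To",
                      {"oversign": ["From", "Reply-To"]})]:
        h = build_h_list(SIGNED, SIGN, **kw)
        print(label, h, still_verifies(h, SIGNED, EXTRA_FROM),
              still_verifies(h, SIGNED, ADDED_REPLY_TO))
```

In this model only the oversigned list fails verification when a second From is added, while both settings fail it when a Reply-To is added to a message that had none.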
