On 11/22/2022 6:12 AM, Scott Kitterman wrote:
On Tuesday, November 22, 2022 8:48:48 AM EST Alessandro Vesely wrote:
On Tue 22/Nov/2022 01:21:00 +0100 Murray S. Kucherawy wrote:
We actually seemed to like the idea, at least back then, that the
signature
survives delivery so that it can be validated at any point later.
Indeed, there are products, like Lieser's DKIM verifier plugin for
Thunderbird[*], which verify DKIM on the MUA.
My desktop MUA of choice (kmail) includes the capability too.
To the extent there is serious pressure to aid MUA awareness of the DKIM
header-field for a received message, we can specify renaming the field
(and removing the actual signature value.)
This retains the desired signalling information, without being useful
for replay.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
