> On Jan 19, 2024, at 8:41 PM, John R Levine <jo...@taugh.com> wrote:
> 
> Manfred said:
>> (Seems like "seal"ing would be a better term than "oversign"ing.)
> 
> We've called it oversigning for a decade now.
> 

Interesting.  

First time I have come across the term (“oversign”) and it appears to be a 
feature with several products in the market. But checking the RFC, unless I 
missed it, it’s not an RFC-defined term. Replay is the term used.

To me, the term connotes “redundant signing” beyond what is necessary or 
desired for a particular signing rule. If I add this feature to wcDKIM, it 
can be introduced as:

[X] Enable DKIM Replay Protection

The F1 help will indicate the addition of headers, i.e. To:, Subject:, etc. as 
empty field values are used to enforce the hashing binding of these potentially 
missing headers to the signature. If enabled, then these specific headers 
MUST be included in the list of headers to be signed and the headers MUST 
exist. If not, the headers with empty values will be hash bound to the 
signature.

Is that “Oversigning”?

Perhaps. IMO, it is redundant header(s) signing when it may not be required for 
certain DKIM signing routes.

What is most important is what it is supposed to help address - DKIM Replay 
hacks.

All the best,
Hector Santos




_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
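
Added example (not part of the message above, and not wcDKIM code): a Python sketch of the RFC 6376 header-selection rule behind the behaviour described in the message. A name listed in h= with no matching field left hashes as the null string, so a To: or Subject: field added after signing changes the signed digest. The function names and the sample message are constructed for illustration, and the DKIM-Signature field itself is left out of the digest to keep the sketch short.

```python
import hashlib
import re

def relaxed(name, value):
    """RFC 6376 'relaxed' canonicalization of a single header field."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)    # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim whitespace
    return f"{name.lower().strip()}:{value}\r\n"

def signed_header_digest(headers, h_tag):
    """SHA-256 over the fields named in h=, selected as in RFC 6376 5.4.2.

    headers: list of (name, value) in message order, top to bottom.
    Each name in h= consumes the lowest unused instance of that field;
    a name with no instance left contributes the null string.
    Simplification (assumption of this sketch): DKIM-Signature is not appended.
    """
    remaining = {}
    for name, value in headers:
        remaining.setdefault(name.lower(), []).append((name, value))
    digest = hashlib.sha256()
    for name in (n.strip().lower() for n in h_tag.split(":")):
        stack = remaining.get(name)
        if stack:
            digest.update(relaxed(*stack.pop()).encode())
        # else: nonexistent field, null string, nothing is hashed
    return digest.hexdigest()

def survives_added_header(headers, h_tag, extra):
    """True if prepending the field `extra` leaves the signed digest unchanged."""
    before = signed_header_digest(headers, h_tag)
    after = signed_header_digest([extra] + headers, h_tag)
    return before == after

# Constructed sample: a signed message that carries no To: field.
MSG = [("From", "alice@example.com"), ("Subject", "Invoice  42")]
H_PLAIN = "from:subject"                  # each present field listed once
H_OVERSIGNED = "from:to:subject:subject"  # absent To: and a second Subject: bound

if __name__ == "__main__":
    for h in (H_PLAIN, H_OVERSIGNED):
        for extra in (("Subject", "Replayed"), ("To", "bob@example.net")):
            ok = survives_added_header(MSG, h, extra)
            print(f"h={h:26} add {extra[0]:8} -> digest unchanged: {ok}")
```

For the unmodified message both h= lists produce the same digest, since the extra names hash as nothing; the difference only shows once a field is added.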
