On 01/06/2025 22:28, Dave Crocker wrote:
> On 6/1/2025 4:58 AM, Alessandro Vesely wrote:
>> Basically, we can assume that all To:/Cc: addresses are legit, since that's what the author intended.
>
> 1. Unless a to or cc has been replaced along the way.

That invalidates the signature; it's the same as replacing DKOR.

> 2. Having multiple things to check for is more complicated than one. Creating the extra field is trivial on the posting side.

The loop is based on local data. It is definitely easier than looking up the same key multiple times (in case multiple recipients are on the same MX.)

Conversely, depending on the MTA filtering API, splitting messages may require some acrobatics, like removing recipients and re-injecting the message anew.

> 3. I looked for the thread you referenced and don't see it.

A good recap is this message by Wei:
https://mailarchive.ietf.org/arch/msg/ietf-dkim/1NoBJCqu34_069P_EZe_i1AWzxA/


Best
Ale
_______________________________________________
Ietf-dkim mailing list -- [email protected]