On Tue 07/Mar/2023 09:51:31 +0100 Slavko via mailop wrote:

> IMO, the real problem comes, that there is no good description, when and which headers to sign and what the consequences are, if one does this or this... The RFC is vague in that, but that is OK, as there are too many possibilities how messages can be constructed, but something as best practices is missing (or at least I am not aware of it).

The RFC was written at a time when there was not so much experience with DKIM and DMARC wasn't there. Its Section 5.4.1 includes List-* fields, and unfortunately most guides refer to that section for guidance.

If signatures are meant to protect the meaning of messages, rather than their hopping from a server to the next, only meaningful header fields should be signed and possibly oversigned. That is From:, Subject:, Author: if used, perhaps To:, Cc: and Reply-To: if they are considered significant.

I'm unsure about References: and In-Reply-To:, is it forbidden to rearrange threads, maybe to avoid their drifting beyond the right margin?

Someone should write a revised best practice.
Best
Ale
--

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
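As an added illustration of the signing policy discussed in this thread (example code, not from any poster or from a DKIM library), the script below builds the name list for a DKIM `h=` tag that covers only the meaning-bearing fields (From:, Subject:, Author: if present, To:, Cc:, Reply-To:) and oversigns each of them, and it audits an existing `h=` value against a message to show which of those fields are unsigned, only partially signed, signed, or oversigned. Oversigning here means listing a field name one more time than it occurs, which under RFC 6376 section 5.4.2 binds the absence of a further instance, so a relay cannot add a second From: or Subject: after signing. The field set, the sample messages and the "legacy" `h=` value are constructed for this example.

```python
"""Build and audit DKIM h= field lists that sign only meaningful headers.

Oversigning (RFC 6376 section 5.4.2): listing a header field name in h=
more times than the field occurs signs an empty value for the missing
instance, so a later addition of that field breaks the signature.
RFC 6376 also selects instances from the bottom of the header block
upward, so a field listed fewer times than it occurs leaves the
earliest copies unprotected ("partial" below).
"""
from email import message_from_string

# Fields whose content carries the meaning of the message (constructed
# set, following the reasoning in the post above); Author: is included
# only when the message actually uses it.
SIGNIFICANT = ("From", "Subject", "Author", "To", "Cc", "Reply-To")


def build_h_tag(msg, fields=SIGNIFICANT, oversign=True):
    """Return the ordered list of names for the DKIM h= tag.

    Every occurrence of a field is listed, plus one extra entry when
    oversign is True. Absent fields are listed once (oversign only), which
    forbids a relay from inserting them later.
    """
    names = []
    for name in fields:
        count = len(msg.get_all(name, []))
        if name == "Author" and count == 0:
            continue  # only sign Author: if the message uses it
        names.extend([name] * (count + (1 if oversign else 0)))
    return names


def audit_h_tag(msg, h_value, fields=SIGNIFICANT):
    """Classify each significant field against an existing h= tag value.

    Returns a dict name -> 'unsigned' | 'partial' | 'signed' | 'oversigned'.
    Names in h= are compared case-insensitively, as RFC 6376 requires.
    """
    listed = [n.strip().lower() for n in h_value.split(":") if n.strip()]
    report = {}
    for name in fields:
        present = len(msg.get_all(name, []))
        if name == "Author" and present == 0:
            continue
        signed = listed.count(name.lower())
        if signed == 0:
            report[name] = "unsigned"      # any relay may add or keep it unbound
        elif signed < present:
            report[name] = "partial"       # earliest instance(s) not covered
        elif signed == present:
            report[name] = "signed"        # bound, but another copy may be added
        else:
            report[name] = "oversigned"    # bound and no further copy allowed
    return report


def sample_message(duplicate_subject=False):
    """Constructed sample message for this example (not a real message)."""
    text = (
        "From: Alice <alice@example.org>\n"
        "To: list@example.org\n"
        "Subject: DKIM header signing\n"
        "Date: Mon, 1 Jan 2024 10:00:00 +0000\n"
        "List-Id: <list.example.org>\n"
    )
    if duplicate_subject:
        # A second Subject: as a relay might prepend one; the signer saw only the first.
        text = "Subject: [list] DKIM header signing\n" + text
    return message_from_string(text + "\nbody\n")


if __name__ == "__main__":
    msg = sample_message()
    # h= list many guides produce: List-* signed, nothing oversigned (constructed).
    legacy_h = "from:to:subject:date:list-id"
    print("recommended h=", ":".join(build_h_tag(msg)))
    print("audit of legacy h=:", audit_h_tag(msg, legacy_h))
    print("audit of recommended h=:", audit_h_tag(msg, ":".join(build_h_tag(msg))))
```

Running the script prints the recommended `h=` list (`From:From:Subject:Subject:To:To:Cc:Reply-To`) and shows that the legacy list leaves Cc: and Reply-To: unsigned and the other fields merely signed, so a relay could still add a second copy of any of them.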