Hi,

On Tue, 7 Mar 2023 12:00:35 +0100 Alessandro Vesely via mailop
<mailop@mailop.org> wrote:

> The RFC was written at a time when there was not so much experience
> with DKIM and DMARC wasn't there.

In that case, the RFC has to be in proposed state until enough
experience is gathered. But we see it in many cases: quick, quick, to
have at least something, and problems we will solve later. But this
later either never happens or is then near impossible to apply, and
finally someone develops a new standard (an XKCD about this exists)...

> Its Section 5.4.1 includes List-*
> fields, and unfortunately most guides refer to that section for
> guidance.

No, it is not a "list of headers", it is a "list of examples of headers";
it states:

    "The basic rule for choosing fields to include is to select those
     fields that constitute the "core" of the message content."

If I remember properly, the exact list of headers was in some previous
version of the RFC. This list of examples has no MUST, nor SHOULD, nor
anything else (except the From header); it is just an example...

That I consider a good definition (for an RFC), but many people want to
have an exact list (to not need to use their own head), but one list
cannot serve all email purposes/usage.

BTW, there is also:

    "Similarly, "In-Reply-To" and "References" might be desirable
    to include if one considers message threading to be a core part of
    the message."

IMO exactly the case of many "normal" MLs such as this one, but not e.g.
for marketing "MLs", where replies are not expected...

> If signatures are meant to protect the meaning of messages, rather
> than their hopping from a server to the next, only meaningful header
> fields should be signed and possibly oversigned.  That is From:,
> Subject:, Author: if used, perhaps To:, Cc: and Reply-To: if they are
> considered significant.

This more or less corresponds to the idea: "choose headers which are
important", and I understand the RFC exactly in this sense.

IMO, one has to oversign List-* headers only in the case that the message
is not to be resent by (another) ML. But then the particular ML rewrites
the From header and it becomes pointless, but in some "private/closed"
MLs it can be desired.

> Someone should write a revised best practice.

I agree! But again, there are so many email flows that it cannot be
published as an RFC, as it will get a never-ending flood of updates and
will be obsolete from the start ;-)

The only solution for this I see is something like HTML is now; I name
that (raw) "flying standard", without an exact number and regularly
updated :-)

regards

-- 
Slavko
https://www.slavino.sk


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
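
An added example, not part of the original message and not code from any DKIM library: a small Python model of how a verifier matches the h= list against header fields (RFC 6376 lets a signer name a field more often than it occurs, which is what oversigning does), showing the effect of oversigning From versus List-* when a list adds List-Id. The message, addresses, policy lists and function names are constructed for illustration, and no hashing or signing is performed.

```python
from collections import Counter

def build_h_tag(headers, sign, oversign):
    """Names for h=: one entry per present instance of each signed field,
    plus one extra entry for every oversigned field."""
    present = Counter(name.lower() for name, _ in headers)
    over = {f.lower() for f in oversign}
    fields = dict.fromkeys(f.lower() for f in list(sign) + list(oversign))
    names = []
    for f in fields:
        names += [f] * (present[f] + (1 if f in over else 0))
    return names

def covered(headers, h_names):
    """What the signature binds: for each h= entry, the next unused instance
    of that field taken bottom-up; a missing instance counts as null."""
    stacks = {}
    for name, value in headers:                  # headers are top-to-bottom
        stacks.setdefault(name.lower(), []).append(value)
    return [(n, stacks[n].pop() if stacks.get(n) else None) for n in h_names]

def survives(original, modified, h_names):
    """True if the covered header data is unchanged, i.e. the header part
    of the signature would still verify after the modification."""
    return covered(original, h_names) == covered(modified, h_names)

# Constructed sample message and policies (assumptions, not from the thread).
MSG = [
    ("From", "alice@example.org"),
    ("To", "list@example.net"),
    ("Subject", "DKIM header choice"),
    ("In-Reply-To", "<1@example.org>"),
]
CORE = ["From", "Subject", "To", "In-Reply-To", "References"]

H_PLAIN = build_h_tag(MSG, CORE, oversign=[])
H_OPEN = build_h_tag(MSG, CORE, oversign=["From", "Subject"])
H_CLOSED = build_h_tag(MSG, CORE, oversign=["From", "Subject", "List-Id"])

VIA_LIST = MSG + [("List-Id", "<discuss.example.net>")]   # list adds List-Id
EXTRA_FROM = [("From", "other@example.com")] + MSG        # second From added

if __name__ == "__main__":
    print("h=" + ":".join(H_OPEN))
    print("List-Id added, List-* unsigned   :", survives(MSG, VIA_LIST, H_OPEN))
    print("List-Id added, List-Id oversigned:", survives(MSG, VIA_LIST, H_CLOSED))
    print("extra From, From signed once     :", survives(MSG, EXTRA_FROM, H_PLAIN))
    print("extra From, From oversigned      :", survives(MSG, EXTRA_FROM, H_OPEN))
```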