Hi, Dňa 7. marca 2023 17:36:17 UTC používateľ Alessandro Vesely via mailop <mailop@mailop.org> napísal:
>Yeah, RFC4871 was a proposed standard, RFC6376, four years later became an >Internet standard. Once there was a level in between... Seems that 4 years was not enough ;-) Or we understand idea behind that RFC wrongly... >We seem to agree. But then, why does people sign Content-Transfer-Encoding:? Good question, but bad target ;-) But you can guess answer itself: how many people expect, that when 7bit is enough for them, it must be enough for all? Or another group of people who even don't know about transfer encoding at all... And we must not forget about Homo Copy&paste ;-) BTW, our Minister of Informatics have (had) own video on youtube, including notebook (to we all see thet she is expert) and on notebook yellow sticker with (readable) password. What one can expect from that expert? Only that Mira2020 (or so) is by government approved password, which all havemto use :-P >And why does RFC8058 require that fields such as List-Unsubscribe-Post: MUST >be signed? Is it special "One click" case? I was not interested in it yet... >IOW, signing gently allows greater flexibility, while signing heavily doesn't >prevent replaying. We can define third group: sign carefuly :-) But here i see one big problem. One have to select signed headers list on per message base, as what constructs core of message can differ for any message. My system is not prepared for that and i will guess that many other systems are the same. I use one domain for all types of messages, some even use same sender address for that. Guessing how/what to sign properly in that generic environment is near to impossible... The same applies to shared hostings (common for emails here). >Why do you sign Content-Type: since you know it is going to be changed? Do you mean exactly me, or it was generic question? If you mean me: Do you want change the text/plain message, eg. to multipart/alternative with text/html appended? Of course, in my case that change will invalidate body signature too (as i sign whole body), but anyway, it constructs core of message, thus (IMO) fulfill RFC. When/where do you expect Content-Type change? What i miss? regards -- Slavko https://www.slavino.sk/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop