[ Also sent to draft-brand-indicators-for-message-identificat...@ietf.org ]
https://datatracker.ietf.org/doc/draft-brand-indicators-for-message-identification/05/
7.8. Handle Existing BIMI-Location and BIMI-Indicator Headers
says:
If the original email message had a DKIM signature, it has already
been evaluated. Removing the BIMI-Location header at this point
should not invalidate the signature since it should not be included
within it per this spec.
Should ARC follow this point ?
I have recently recieved a message with the extended "header line":
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=bimi-indicator:bimi-location:message-id:subject:from:to:date
:dkim-signature;
bh=eSJNDNC7jNBO0pA60Jz7iXbtpoaikxev3P6+3CCGPn8=;
fh=NEBFbcz/PfV5kmGdS9fK06GL1w09W1ScXRSY5P0g+gU=;
b=NutfwApfFobPb40qlk1CjsEljekQF+R6frEbKNUIddjp//M46a+HFz2ZQygdghXHrj
etfgmcqWZbmmeA8uFqlBVijj8Y9VCJZa9IC6ncgQKEfswxGOdGE/LW0bYAldihjNad1O
tJysP2s2uydDl848Y39jDhF80/c7Q5Bqj4DcqLP1bfEEBG4Ij596oPpWrNOBKqApv5IN
rzODhITf85Go9hbvkhaAq4gf2K2njcnYsTga5SeRuVqNelll7c5EccsY3uijhOfzgOaa
AvZIUWTsfz5bNhI4sWX6uwkSMU6joXcTvsCEaaZCJy2TgCLfOJ3aRqI09jAB8Wu9xMwG
8yWg==;
dara=google.com
- note h=bimi-indicator:bimi-location: ...
We have an ARC signature which includes bimi-location, so the
message breaks the spirit but not the letter of the draft RFC.
Since the point of 7.8 is to say that an MTA MUST remove any
bimi-indicator or bimi-location headers from incoming messages,
I think we have a problem ?
I haven't yet figured out which of the other headers I can safely post,
but the ARC headers must have been added by either google, mythic-beasts
(or possibly swaks on my machine).
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop