On 2021-08-14 06:45, Viktor Dukhovni wrote:
Instead of empty speculation, a radical idea would be to read the DKIM specification and understand why signing some headers one more time than they appear in the message is a feature of that specification.
its then impossible to verify if there ever was an extra header or not, this still make it less strong, it does not more secure or not with that feature
this makes dkim more weak to have that as valid, and imho it does not being needed