Hi!

On Mon, 23 Oct 2023, Andrew C Aitchison via Exim-users wrote:

> I believe that the default for dkim_sign_headers should have '=' at least for each of the List-* headers,
> as Andreas has done.

Yes, that would be reasonable.

BTW, RFC6376 comes with inconsistencies about the headers to sign. In section 5.4. 'Determine the Header Fields to Sign' it notes:

      INFORMATIVE OPERATIONS NOTE: The choice of which header fields to
      sign is non-obvious.  One strategy is to sign all existing, non-
      repeatable header fields.  An alternative strategy is to sign only
      header fields that are likely to be displayed to or otherwise be
      likely to affect the processing of the message at the receiver.  A
      third strategy is to sign only "well-known" headers.  Note that
      Verifiers may treat unsigned header fields with extreme
      skepticism, including refusing to display them to the end user or
      even ignoring the signature if it does not cover certain header
      fields.  For this reason, signing fields present in the message
      such as Date, Subject, Reply-To, Sender, and all MIME header
      fields are highly advised.

But in 5.4.1. it neither lists 'Sender' nor any MIME related headers. And the note above indicates to sign present headers. A lot of leeway on how to interpret the RFC.

ciao
 Markus
--
/ Markus Reschke              \
\ madi...@theca-tabellaria.de /
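
An added example (not part of the original message and not Exim code): a check over a message's DKIM-Signature h= tag, following RFC 6376 section 5.4. It reports which present headers are signed, which names are listed without a matching header instance (these are signed as the null string, so adding such a header later fails verification), and which present headers, such as Sender or the MIME fields, are left unsigned. The sample message, its placeholder signature values and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; bh= and b= are placeholders, not real signature data.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;
 h=From:To:Subject:Date:List-Id:List-Unsubscribe:Subject;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@example.org
To: list@example.net
Subject: hello
Date: Mon, 23 Oct 2023 10:00:00 +0000
Reply-To: alice@example.org
Sender: alice@example.org
MIME-Version: 1.0
Content-Type: text/plain

body
"""

def h_tag_names(sig_value):
    """Return the lower-cased header names listed in the h= tag, in order."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return [name.lower() for name in tags.get("h", "").split(":") if name]

def coverage(raw_message):
    """Compare the h= list with the headers actually present in the message."""
    msg = message_from_string(raw_message)
    names = h_tag_names(msg["DKIM-Signature"])
    present = {}
    for key in msg.keys():
        if key.lower() != "dkim-signature":
            present[key.lower()] = present.get(key.lower(), 0) + 1
    listed = {name: names.count(name) for name in names}
    return {
        # listed and present: at least the last instance is covered
        "signed": sorted(n for n in listed if n in present),
        # listed more often than present: a later-added instance breaks the signature
        "null_signed": sorted(n for n in listed if listed[n] > present.get(n, 0)),
        # present but not listed: can be changed without affecting verification
        "unsigned": sorted(n for n in present if n not in listed),
    }

if __name__ == "__main__":
    for kind, headers in coverage(SAMPLE).items():
        print(f"{kind}: {', '.join(headers)}")
```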

