On Mon, Oct 23, 2023 at 11:51:21AM +0200, Andreas Metzler via Exim-users wrote:
> > It's also as per RFC 6376 Section 5.4.1. "Recommended Signature
> > Content" (at least wrt. the List- headers; I didn't check them
> > all). So Exim takes the opinion of the working group that defined
> > DKIM, here.
> Kind of. The RFC has big fat disclaimer that it only provides very
> rough guidance ("The choice of which header fields to sign is
> non-obvious.") and is very very thin on details, afaict it does not
> say a thing about oversigning.
Right, in the sub-section cites it says (lightly paraphrased):
The following headers SHOULD be signed *if they are present* in the
message.
Emph mine. So, like Andreas writes, if they are *not* present, this is
vacuous.
--
Ian
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
