Alessandro Vesely wrote in <8e3080de-64c8-40ae-87be-9538bd2be...@tana.it>: |On Wed 12/Mar/2025 15:51:44 +0100 Allen Robinson wrote: |>> Definition of forwarding |> |> In the context of DKIM2, this is the act of accepting a message with \ |> some |> 821.To address and resending it to some number of other 821.To addresses\ |> , |> potentially after modifying the message. This definition covers most \ |> MTAs, |> if I understand correctly. Needing to change the 821.From in this \ |> case is |> certainly a large change for the ecosystem as a whole, but one that \ |> we feel |> provides sufficient value to justify the cost. | |SMTP describes this as "Mailing Lists". | |> I think an argument could be made that this definition doesn't apply \ |> to all |> relays. Systems that don't need to change 821.From or 821.To and \ |> don't modify |> the message being transferred would probably be able to operate without |> attaching their own signatures. | |AFAIUI, only backup MXes can forward a message without changing 821.To. | |If signing 821.To could somehow be made into a separate signature, the |"classic" alias forwarding would not break the other (part of the) \ |signature, |which would therefore be more compatible with DKIM1.
In ACDC you set the O flag to claim message ownership. Only then you are allowed to create signed subsignatures which contain different envelope from/to. Ie, since the envelope *is* changed, the O flag *will* be set, for ACDC-enabled receivers. Yes, it is true that ACDC does not yet offer any flag to signal "there are changes to [only] the RFC 5321 envelope", which suddenly crossed my mind on late Saturday morning European time for no obvious reason. This is no good, and it needs to be changed. I never said ACDC is the peak of intellect or "stone of the sage". It is only much much better than DKIMv2. And it is true that at best 5322.From would need to be rewritten also for forwarding, so that also a ACDC DKIM diff would be generated, and especially that an actual receiver would *see* within the RFC 5322 message that something happened along the way. On the other hand alias expansion and forwarding has always worked like that, no, regardless of what Dave Crocker says: the entire infrastructure works like that since at least the 1970s. But with the O flag, and the flag i will add to ACDC in a couple of minutes, future software can rime on it. Thank you very much! P.S.: btw i will post a SMTP VERP extension, which will be my fifth and likely very last RFC, and i will adapt ACDC so that the 5321 envelope from address ignores VERP additions (as in: MUST ignore when reading, SHOULD not generate when writing, hallelujah). A nice Sunday i wish everybody, --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
