Steffen Nurpmeso wrote in
<20250315233133.olukXXgT@steffen%sdaoden.eu>:
|Alessandro Vesely wrote in
| <8e3080de-64c8-40ae-87be-9538bd2be...@tana.it>:
...
||If signing 821.To could somehow be made into a separate signature, the
||"classic" alias forwarding would not break the other (part of the) \
||signature,
||which would therefore be more compatible with DKIM1.
|
|In ACDC you set the O flag to claim message ownership. Only then
|you are allowed to create signed subsignatures which contain
|different envelope from/to.
|Ie, since the envelope *is* changed, the O flag *will* be set, for
|ACDC-enabled receivers.
...
|Yes, it is true that ACDC does not yet offer any flag to signal
|"there are changes to [only] the RFC 5321 envelope", which
...
|But with the O flag, and the flag i will add to ACDC in a couple
|of minutes, future software can rime on it.
P.S.:
actually i had/have a
O flag: SHOULD/MUST it be set upon change of 5321 envelope data?
ie can NetBSD lists simply pass through?
todo entry locally.
Other than that, if "O" ("hop claims message origination") is set
but "D" ("message modified, differential data exists") is not,
a change of the 5321 envelope data seems a logical cause of "O".
Nonetheless being explicit seems to be a very good thing, also
because who knows what the future brings, so "E" (5321 envelope
modified") i added.
And the above is for me and tonight being answered as "yes".
But maybe it is only late.
And only "yes" in conjunction with "A" ("access control active"),
since the subsignature with envelope information can be verified
cryptographically. (But, again.)
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
