Re: signature numbering.

On 3/6/25 4:06 PM, Allen Robinson wrote:

    It invalidates the originating signature though (actually all of
    the previous with different rcpt-to). This seems at odds with the
    "mutation" goal too.

The signatures form a chain. The recipient address of one signature is expected to be aligned with the source address in the next header in the chain. A verifier would only be looking for the current 821.From to be equal to the most recent (highest instance number) signature header in the message.

Here is why I'm completely confused: section 3.5 of RFC 4871 says the DKIM-Signature SHOULD be treated as if it were a trace header. Is the implication here that (re)signers regularly ignore that requirement? If not, what exactly is the problem? I've seen more than a few messages with multiple signatures and I don't recall ever seeing one that violated that, but for me it's admittedly anecdotal. This pretty much baffled me with ARC too, which seemed to elevate that to a key feature that somehow mattered.

Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
