On Mon 31/Mar/2025 21:32:54 +0200 John Levine wrote:
> Most (all?) non-trace headers are defined to occur only once, like From: and
> Subject:
> How about we say that if a signer or verifier sees more than one of them, stop
> and the result is failure, no oversigning needed.

+1, make this part of the Internet Message Format mandatory.

> The only trace header I think it's likely we'll sign is the previous DKIM2 signatures
> which is easy enough, just sign them in order up through the current one.

Rather than signing DKIM2-Signature:'s (or whatever they're named), the idea of
an hh= hash of them seems to be more resilient. If there is a non-reversible,
complex change, we can still verify the chain, similar to ARC's AS.

> I suppose there's the Resent-blah: trace headers, but since we're signing
> the envelope recipient already, do we care?

A duly compiled and signed chain of Resent-*: fields would allow a check
equivalent to comparing the envelope. If we seek extended compatibility, it
could allow re-entering the DKIM2 ecosystem.
Best
Ale
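
The duplicate-header rule proposed in the thread above, sketched as an added example; it is not part of the original message or of any DKIM2 draft. The function names are hypothetical, the sample messages are constructed, and the field list is the set RFC 5322 section 3.6 limits to one occurrence.

```python
import re

# Fields RFC 5322 section 3.6 allows at most once per message.
SINGLETON_FIELDS = frozenset({
    "date", "from", "sender", "reply-to", "to", "cc", "bcc",
    "message-id", "in-reply-to", "references", "subject",
})

def header_field_names(raw: bytes):
    """Yield lower-cased field names from the header block of a raw message."""
    # Everything after the first empty line is body and must not be counted.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t"):
            continue  # folded continuation of the previous field
        name, sep, _ = line.partition(b":")
        if sep:
            yield name.strip().decode("ascii", "replace").lower()

def duplicated_singletons(raw: bytes):
    """Return the sorted names of singleton fields that occur more than once."""
    counts = {}
    for name in header_field_names(raw):
        if name in SINGLETON_FIELDS:
            counts[name] = counts.get(name, 0) + 1
    return sorted(n for n, c in counts.items() if c > 1)

def precheck(raw: bytes):
    """Stop with failure before any hashing if a singleton field repeats."""
    dups = duplicated_singletons(raw)
    return ("fail", dups) if dups else ("continue", [])

# Constructed sample: one From:, a folded Subject:, repeated trace fields,
# and a body line that merely looks like a header.
CLEAN = (b"From: a@example.org\r\nTo: b@example.net\r\n"
         b"Subject: folded\r\n\tSubject: still the same field\r\n"
         b"Received: from mx.example.org\r\n"
         b"Received: from mta.example.org\r\n"
         b"\r\nSubject: this line is body text\r\n")
# Constructed sample: a second From: prepended to the same message.
DUPLICATED = b"From: shown@example.com\r\n" + CLEAN

if __name__ == "__main__":
    print(precheck(CLEAN))
    print(precheck(DUPLICATED))
```

Trace fields such as Received: are deliberately left out of the set, so they may repeat without triggering the failure.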