On Tue, Apr 15, 2025, at 21:10, John Levine wrote: > It appears that Bron Gondwana <br...@fastmailteam.com> said: > >-=-=-=-=-=- > > > >Honestly, with the capacity to undo header changes from > >dkim2-modification-algebra I would be more inclined to have the spec list > >headers which MUST > >NOT be signed (probably just trace headers), and to list additional headers > >to not sign, rather than additional headers to sign. > > Speaking of trace headers, is the plan that each DKIM2 (or whatever we call > it) signature signs the preceding headers? How > about the Resent-xxx headers which aren't trace headers but might as well be? > > I think it would be workable to say that if a header you sign is a trace or > resent header, the signature includes all the instances > below the signature itself, and if a mail system reoders them, which it > shouldn't, too bad, the signature breaks.
The plan right now is that any header with a name starting with DKIM2- must have an n= item, and all headers with n= less than or equal to the current DKIM2-Signature header's n= are implicitly signed (in alphabetical order, lowest n= first) Bron. -- Bron Gondwana, CEO, Fastmail Pty Ltd br...@fastmailteam.com
_______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
