On Tue, 15 Apr 2025, Bron Gondwana wrote:
I think it would be workable to say that if a header you sign is a trace or
resent header, the signature includes all the instances
below the signature itself, and if a mail system reoders them, which it
shouldn't, too bad, the signature breaks.
The plan right now is that any header with a name starting with DKIM2- must
have an n= item, and all headers with n= less than or equal to the current
DKIM2-Signature header's n= are implicitly signed (in alphabetical order,
lowest n= first)
Makes sense. Any thought about Resent-xx headers?
I have mixed feelings about them. They've been around since RFC822, but
they're vanishingly rare. I can get Alpine to generate them using the
Bounce command, but when I bounce a message to Gmail or Outlook, they
don't show the Resent headers at all.
R's,
John
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
