https://bugs.exim.org/show_bug.cgi?id=2179
Bug ID: 2179
Summary: Default dkim_sign_headers should be changed or
documented
Product: Exim
Version: 4.89
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: DKIM
Assignee: tom@???
Reporter: iank@???
CC: exim-dev@???
User mail from gmail:
Subject:to:references:from:message-id:date:user-agent:mime-version
:in-reply-to:content-transfer-encoding:content-language
User mail from yahoo:
Date:From:To:Subject:References:From:Subject
And exim:
Date:Message-Id:Subject:To:From:Sender:Reply-To:Cc:
MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive
One reason people would prefer not signing list related headers
(especially ones that don't exist in the sent message): some mailing
lists, such as debian's, keep dkim signatures of list posts intact and
add list related headers in order to be compatible with strict dmarc
policies. But signing List- headers breaks that.
If you don't change the default, at least fix the current
documentation. It says "the header names recommended in RFC4871 will be
used"
And RFC4871 says
"header fields SHOULD be included in the signature, if
they are present in the message being signed:"
Adding headers that are not present in the message is clearly
not "recommended in RFC4871".
Note, this default has been discussed before:
https://lists.exim.org/lurker/message/20160923.160045.ac36e4ca.en.html
and
https://bugs.exim.org/show_bug.cgi?id=1309.
--
You are receiving this mail because:
You are on the CC list for the bug.
