[exim-dev] [Bug 2394] DKIM docs reference obsolete RFC

Top Page

Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2394] DKIM docs reference obsolete RFC
https://bugs.exim.org/show_bug.cgi?id=2394

Richard James Salts <exim@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |exim@???


--- Comment #4 from Richard James Salts <exim@???> ---
I do think oversigning all of the headers listed in the RFC is overzealous, and
is not what opendkim does (which I believe is reference implementation). I do
think that opendkim errs on the side of not oversigning enough as people can
replay signed emails and alter the appearance with common MUAs and still
validate as described at
https://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html. At the
moment I have exim configured with dkim_sign_headers =
+From:+Sender:+Reply-To:+Subject:+Date:+Message-ID:+To:+Cc:+MIME-Version:+Content-Type:+Content-Transfer-Encoding:+Content-ID:+Content-Description:+Content-Disposition:=Resent-Date:=Resent-From:=Resent-Sender:=Resent-To:=Resent-Cc:=Resent-Message-ID:+In-Reply-To:+References:=List-Id:=List-Help:=List-Unsubscribe:=List-Subscribe:=List-Post:=List-Owner:=List-Archive

I subscribe to the postfix-users mailing list which is unique in that they
don't alter the subject or message body, however they do still break my
signatures by adding a Sender header, so maybe making =Sender instead might be
better as most MUAs don't display the header anyway.

--
You are receiving this mail because:
You are on the CC list for the bug.