[exim] Re: List headers [Was: DKIM does not work]

Inizio della pagina
Delete this message
Reply to this message
Autore: Markus Reschke
Data:  
To: Andrew C Aitchison via Exim-users
Oggetto: [exim] Re: List headers [Was: DKIM does not work]
Hi!

On Mon, 23 Oct 2023, Andrew C Aitchison via Exim-users wrote:

> I believe that the default for dkim_sign_headers should have '=' at least for
> each of the List-* headers,
> as Andreas has done.


Yes, that would be reasonable.

BTW, RFC6376 comes with inconsistencies about the headers to sign. In
section 5.4. 'Determine the Header Fields to Sign' it notes:

       INFORMATIVE OPERATIONS NOTE: The choice of which header fields to
       sign is non-obvious.  One strategy is to sign all existing, non-
       repeatable header fields.  An alternative strategy is to sign only
       header fields that are likely to be displayed to or otherwise be
       likely to affect the processing of the message at the receiver.  A
       third strategy is to sign only "well-known" headers.  Note that
       Verifiers may treat unsigned header fields with extreme
       skepticism, including refusing to display them to the end user or
       even ignoring the signature if it does not cover certain header
       fields.  For this reason, signing fields present in the message
       such as Date, Subject, Reply-To, Sender, and all MIME header
       fields are highly advised.


But in 5.4.1. it neither lists 'Sender' nor any MIME related headers. And
the note above indicates to sign present headers. A lot of leeway on how
to interpret the RFC.

ciao
  Markus
-- 
/ Markus Reschke              \
\ madires@??? /



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/