https://bugs.exim.org/show_bug.cgi?id=1310
Jeremy Harris <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|-- |Exim 4.88+ --- Comment #8 from Jeremy Harris <[email protected]> --- Not quite, as I read it. We'll need to edit the to-be-signed list of headers as new headers are noticed, for each match a) adding to the signed block (and h=) and b) knocking that header out of the list. Then when we run out of message, add (once) to h= any remaining in the list. This gets us - only headers in the list are signed - headers can be listed in duplicate - non-present, but listed, headers are "signed" as absent I'm not seeing that we need any further options. The current coding produces a signed message which is self-consistent (signing vs. h= declaration of signing) but is not a full implementation (does not support oversigning; indeed misses doing it in a great preponderance of cases - non-mailinglist messages). The proposed solution will still be self-consistent (so verifiers should still verify) but will have that support. I don't think the extra use-case noted in #c2 is worth supporting. We might think about the other direction: always oversigning (all? some specified list of?) headers, however many there are of a given one. But probably that's not this bug number. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
