On 05/02/2024 17:02, Hector Santos wrote:
On Feb 3, 2024, at 8:23 AM, Alessandro Vesely <ves...@tana.it> wrote:
RFC 5322 specifies lists for From:, To:, Cc:, Bcc:, Reply-To:,
Resent-From:, Resent-To:, Resent-Cc: and Resent-Bcc:.
My comment was regarding the MUA and the order data is read. I wonder
which MUAs will display a list for Display fields From: and Resent-*. If
any. Are all of these OverSign targets?
Resent-* fields can be added multiple times, so they should not be
[over]signed.
if we go down this road, the recommendation might be to always sign all
headers, including the missing, including ARC and trace headers and
before signing, reorder specific headers to DKIM-ready MUA read-order
standards, if any.
Trace fields, signatures and all "transit" stuff should neither be
signed nor oversigned.
Are MUAs now doing verifications and filtering failures? Or is it the
backend, the host, the MDA, that is still generally responsible for
doing the verification and mail filtering before passing it on to users?
It is debatable whether it is useful to display authentication
information to the end user. Personally, I like to see it.
MUAs which have add-ons probably have one or more DKIM verifiers. Some
implement it natively.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim