On Tue, Apr 22, 2025 at 4:56 AM Alessandro Vesely <[email protected]> wrote:
> On Tue 15/Apr/2025 21:21:58 +0200 Bron Gondwana wrote: > > So I'm very interested in a discussion of *"should we have an > exclude-list > > rather than an include-list of signed headers?"* > > Don't sign MIME-Version: especially if it has comments. > RFC 4871 expressly listed that as one that SHOULD be signed. We softened this in RFC 6376 to be basically a debate about whether MIME-Version (among others) represents "core" content. I have always thought of anything that impacts what the user will eventually see as "core" content that DKIM should be covering. So why would we not sign MIME-Version, given that it's key to interpretation and rendering of the message? -MSK
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
