On Sun 11/May/2025 21:11:52 +0200 John Levine wrote:
> It appears that Alessandro Vesely <[email protected]> said:
>> The real case is lists writing [email protected]. When I can revert the MLM transformation, I restore the original From: field, especially for the recipient's use. For reports, the question is whether the author domain wants to know. People set p=quarantine; pct=0 (now t=y) in order to avoid reports showing DKIM verification errors.
>
> Hey, wait a minute. You are confusing two entirely different things.
>
> In this discussion we are looking at the conceptual unmunging needed to reverify previous signatures. That doesn't change the message, only the way you recompute the hashes.

Right.

> When you deliver a message, if you want to undo that particular change to make
> it easier to reply to list messages, that's not a bad idea, and it's something
> I've been doing for years on my mail system.

Yup, it's a curious protocol. The forwarder munges From: and the receiver restores it, after DMARC evaluation. (Maybe someone should specify what header field to use, Original-From:, X-Original-From:, Author:,...)

> But it's not related to DKIM2*.

Blind restore of From: is prone to abuse. Verification of the author's domain signature ensures a safe operation. In some cases this is already possible with DKIM1. DKIM2 should ensure that this operation always succeeds.

> * - unless, I suppose, the message is forwarded again and you have to add the unmunge in the next signature, but that's no different from any other change.

That's right, any external dot-forward must be done before unmunging, unless the forwarding machinery is set up to munge From: itself.


Best
Ale
--




_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
