Steffen Nurpmeso wrote in
<20251011233417.7k_elUJn@steffen%sdaoden.eu>:
|Hello, please let me try it again with that unsubscribed address.
A-ha, it gets through. Thank you very much.
(I will not be there, "must be present" or not.)
What i was thinking ... Ah! Yes, for your possible interest, as
it could be that most of you have not recognized it yet, i see
a new trend, which i described, on the postfix-users list, in
a response,
[.]but i want to state, and in public,
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=XXX;
s=google; t=1759588917; x=1760193717; darn=postfix.org;
h=to:subject:message-id:date:from:mime-version:
from:to:cc:subject:date:message-id:reply-to;
that you *too* (it is a trend that fosters happiness on the
arrival of a future DKIM healing bearer, for the wrong reasons)
only sign MIME-Version, but not Content-Type:, which is, well,
pretty useless, aka insecure (searching "noxxi dkim attack" should
give results).
...
Mailing-Lists must mitigate if they break signatures, therefore
the only premise can be -- not only to me -- to sign as much as
goes. Note some broken mailing-lists (the one of the IETF, for
example) do not care if the original signature arrives in a broken
state downstream, so an explicit DMARC DNS record may be
beneficial to you.
...
Yes. I, btw, happily see in the above another thoughtful and
highly engineered IETF solution, darn! (darn! darn! darn!,
practically speaking.) I like bullshit mountains of highly
refined engineering solutions! They make so many things better!
Yah.
Ciao from Germany,
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
