On 30/06/2022 01:04, John Levine via mailop wrote:
It appears that Vsevolod Stakhov via mailop <vsevo...@rspamd.com> said:
I agree that would've been better than ARC. However, it'd still need to
know which recipients are mailing list supporting DKIMv2 and operate
accordingly. ...
Not necessarily. On a small system you could put fowarding signatures
on all the mail you send and hope, probably correctly, that the people
to whom your users send mail are unlikely to do malicious things with
it.
If we ignore unknown tags safely then this extension can be introduced
without any additional issues with the compatibility I suppose.
If your DKIM verifier doesn't ignore unknown tags, it's not going to
work. People add random tags all the time.
I agree that it is a bug, and I have already pushed a fix for this issue
to the Rspamd sources tree.
But I disagree that 'people add random tags all the time': this dkim
implementation has been used in Rspamd for like 10 years, and I have not
received a single complaint on a wrong behaviour due to an unknown tag
(it led to a specific unique error that must have been noticed somehow).
That's why I'm curious if there are any other implementations that
refuse unknown tags.
Furthermore, if you have by a chance any example of the correct DKIM
signature but with a non-standard tag, then I'd really appreciate if you
can somehow share it with me, as it will help me to write an integration
test for this particular part of the DKIM verifier.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
