On Sun 17/Mar/2024 14:02:23 +0100 Dave Crocker wrote:
> On 3/16/2024 1:31 PM, Slavko via mailop wrote:
>> And the same RFC clearly suggests to leave other (even invalid)
>> signatures untouched.
>
> Which text in RFC 6376 says that?
>
> Perhaps you are thinking of Section 6.1 which includes:
>
>        INFORMATIVE NOTE: The rationale of this requirement is to permit
>        messages that have invalid signatures but also a valid signature
>        to work.  For example, a mailing list exploder might opt to leave
>        the original submitter signature in place even though the exploder
>        knows that it is modifying the message in some way that will break
>        that signature, and the exploder inserts its own signature.  In
>        this case, the message should succeed even in the presence of the
>        known-broken signature.
>
> which notes it might be done, but certainly is not advice to do it.  (Also note the paragraph is informative rather than normative.  Also note the reference to mailing lists, as being discussed here.)


Mailing lists modify messages in a de-facto standard way. It is possible to automatically undo such changes and verify the original signature, if it is left intact. For Dave's message I had:

Authentication-Results: wmail.tana.it;
  spf=pass smtp.mailfrom=mailop.org;
  dkim=pass reason="Original-From: transformed" header.d=dcrocker.net;
  dmarc=pass header.from=mailop.org;
  arc=fail (1 set(s)) smtp.remote-ip=91.132.147.157


Best
Ale
--






_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
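
The "undo the list's change, then verify" idea from the message above, shown for the DKIM body hash only. This is an added example, not part of the original message and not the code of any verifier mentioned in it. It assumes a single-part text body, "relaxed" body canonicalization, and a footer that begins at the last line of ten or more underscores; all function and variable names are hypothetical.

```python
import base64
import hashlib
import re

# Assumption: the list appends a footer that starts at a line of underscores.
FOOTER_START = re.compile(rb"\r\n_{10,}\r\n")

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 "relaxed" body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":   # ignore empty lines at the end of the body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonical body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def strip_list_footer(body: bytes) -> bytes:
    """Cut the body at the last underscore line, where the appended footer begins."""
    starts = [m.start() for m in FOOTER_START.finditer(body)]
    return body[:starts[-1]] + b"\r\n" if starts else body

def check_body(received: bytes, bh: str) -> str:
    """Say which form of the received body matches the signer's bh= value."""
    if body_hash(received) == bh:
        return "as-is"
    if body_hash(strip_list_footer(received)) == bh:
        return "footer-removed"
    return "fail"

# Constructed sample: an author's body, the bh= its signer would emit, and the list copy.
ORIGINAL = b"Which text in RFC 6376 says that?\r\n\r\nd/\r\n"
SIGNED_BH = body_hash(ORIGINAL)
LIST_COPY = (ORIGINAL + b"_" * 47 + b"\r\n" + b"mailop mailing list\r\n"
             b"mailop@mailop.org\r\nhttps://list.mailop.org/listinfo/mailop\r\n")

if __name__ == "__main__":
    print("direct copy:", check_body(ORIGINAL, SIGNED_BH))
    print("list copy:  ", check_body(LIST_COPY, SIGNED_BH))
```

A matching body hash is only half of a DKIM pass: the signed header fields have to be restored to their original values as well, and the signature itself checked against the signer's public key.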
