
Re: [ietf-dkim] ancient mail, was Issue 1579: ADSP result set

2008-07-06 14:54:14
Um, I think this might be a good time to review what DKIM
is and isn't.  It's intended to protect messages in transit,
not in archives.  Umpteen years later, with or without
Resent headers, the signing key is unlikely still to be
in the DNS, so any process that depends on verifying DKIM
on old messages won't work.  ADSP doesn't change that.

If the ADSP draft somewhere states that adding Resent-* in
some legit or malicious ways is intended to bypass all ADSP
processing I missed it:  I only looked for strings beginning
with "resent-".  

There aren't any, since as you perfectly well know, the only header
that ADSP looks at is From:. Adding Resent-* headers has no effect
unless the DKIM signature is set to break when they're added.

I have to say this argument makes no sense to me.  Nothing about DKIM
works if you take an ancient message and remail it, since the keys are
not long-lived.  Furthermore, nothing in section 3.6.6 of 2822 or
2822bis says that adding Resent- headers is supposed to make people
handle mail in any particular way.

I suppose that "discardable" makes it a little more explicit that
people might treat such mail unfavorably, but it shouldn't come as a
big surprise that mail with stale or broken signatures is less likely
to show up in people's inboxes, with or without Resent-* headers and
with or without ADSP.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
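
The remark above that adding Resent-* headers has no effect "unless the DKIM signature is set to break when they're added" comes down to the signature's h= tag; the following is an added example, not code from the thread or from any DKIM implementation. The function names, signatures and header list are constructed, and it assumes the new header is prepended to the message, as resent and trace fields are.

```python
# Added example; signatures and header lists are constructed sample data.

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def signed_counts(sig_value):
    """How many times each header name appears in h= (names are case-insensitive)."""
    counts = {}
    for name in parse_tags(sig_value).get("h", "").split(":"):
        name = name.strip().lower()
        if name:
            counts[name] = counts.get(name, 0) + 1
    return counts


def prepend_breaks_signature(sig_value, headers_at_signing, new_header):
    """True if prepending new_header invalidates the signature.

    The verifier takes one instance per h= entry, bottom-up. An h= entry with
    no matching instance was hashed as empty, so a later-added header of that
    name gets hashed in its place and the signature no longer verifies.
    """
    name = new_header.lower()
    listed = signed_counts(sig_value).get(name, 0)
    present = sum(1 for h in headers_at_signing if h.lower() == name)
    return listed > present


# Constructed: signed message headers, top to bottom.
HEADERS = ["Received", "From", "To", "Subject", "Date"]
# Typical signature: Resent-* not listed in h=.
SIG_PLAIN = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER"
# Signature "set to break": Resent-* listed although absent, From listed twice.
SIG_STRICT = ("v=1; a=rsa-sha256; d=example.com; s=sel; "
              "h=from:from:to:subject:date:resent-from:resent-date; bh=PLACEHOLDER; b=PLACEHOLDER")

if __name__ == "__main__":
    for label, sig in (("plain", SIG_PLAIN), ("strict", SIG_STRICT)):
        for hdr in ("Resent-From", "Resent-Date", "From"):
            print(label, hdr, prepend_breaks_signature(sig, HEADERS, hdr))
```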