November 21, 2023 at 10:51 PM, "Wei Liu" <wei.liu@xxxxxxxxxx> wrote:
> Uros, just so you know, DKIM verification failed when I used b4 to apply
> this patch. You may want to check your email setup.
This is not actually Uros's fault. Recently, Gmail started adding a forced expiration field to their DKIM signatures, via the x= field:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1699981249; x=1700586049; darn=vger.kernel.org;
^^^^^^^^^^^^^
This gives the signature an enforced validity of only 7 days. Since the original message was sent on November 14 and you're retrieving it on November 21, this causes the DKIM check to fail.
I need to figure out how to make b4 ignore the x= field, because it's not relevant for our purposes, but the library we're using for DKIM doesn't currently have any mechanism to do so. I will open an RFE with them in the hopes that we can get this implemented.
Regards,
-K
