On Fri, Mar 21, 2025 at 2:43 AM Tim via users users@lists.fedoraproject.org wrote:
On Fri, 2025-03-21 at 16:26 +1030, Tim via users wrote:
On a whim, I picked "unclassified" for this reply, to see what it does, and if it makes it through the list server.
It came through the list with the header.
However, if I reply to such a classified (of some kind) message, the reply will not have the security header unless I deliberately add one while replying. And you'd be unaware of this when replying.
C minus, needs more thought.
Not copying previous headers is usually a good strategy. Consider the case of the Expires: header in marketing email,[1] indicating when a message should be hidden by the UA or deleted by the server. You would not want a reply to be hidden based on an old Expires: header.
And a more interesting use case (to me)... what happens when a sender's UA specifies one Security: header, and the receiver's server adds a different Security: header? What does the receiver's UA display?
[1] https://mailarchive.ietf.org/arch/msg/mailmaint/MgtSuOJFfgWbTFuAZjGwXNDMcqo/
Jeff