Other RFCs are either obsolete, or talk about some crypto specifics.
All you really need to know is that DKIM signs the message to prevent tampering. This includes the content and "from" header (optionally other stuff). Anyone can sign it, but it's up to the verifier to decide which of the signatories to "trust". For example, you don't NEED to sign with the sender's domain key, which is why Google is flagging this 3rd party signature with some custom UI.
DMARC formalises this with identifier alignment, to ensure that a signatory's domain key matches the "from" address domain.
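
The alignment check described above, as an added example (not part of the original post): it compares each DKIM `d=` signing domain with the `From:` domain in DMARC's relaxed and strict modes. The message and the small public-suffix set are constructed, and the signatures are assumed to have already passed cryptographic verification.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List that DMARC relies on
# to find the organizational domain; a real verifier loads the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

# Constructed sample message: two DKIM signatures, one from a third party.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example.net; s=k1;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=mail.example.com; s=sel;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
Subject: hello

body
"""

def org_domain(domain):
    """Longest matching public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)

def signing_domains(msg):
    """d= tag of every DKIM-Signature header (assumed already verified)."""
    out = []
    for value in msg.get_all("DKIM-Signature", []):
        pairs = (t.partition("=") for t in value.split(";"))
        tags = {k.strip(): v.strip() for k, _, v in pairs if k.strip()}
        if "d" in tags:
            out.append(tags["d"].lower())
    return out

def aligned_signers(raw, strict=False):
    """Signing domains that align with the From: header domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    signers = signing_domains(msg)
    if strict:  # strict mode: exact domain match required
        return [d for d in signers if d == from_domain]
    # relaxed mode: organizational domains must match
    return [d for d in signers if org_domain(d) == org_domain(from_domain)]
```

Both signatures can be valid DKIM signatures, but only `mail.example.com` aligns with the `From:` domain in relaxed mode, and neither does in strict mode.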