Hector Santos wrote:
Hope this provide some insight.
Yes. Following your pseudo-code I get "surprising" FAILs for
the Resent-* cases:
A signed mail with "strict" SSP is Resent-From Jou User. The
included original signature is valid, everxything works, UNLESS
Joe's mail service provider signs all outgoing mails. Then the
resent mail would have two signatures, one by Joe's provider,
and that second signature FAILs for a "strict" SSP.
That shouldn't happen, it's completely out of Joe's control.
Aa requirement that would be:
"The protocol" MUST be either compatible with "resent mail",
independent of the signing practices of a resending service,
or explicitly explain why and when that's expected to fail.
That would affect section 5 5 in the DSAP draft.
NOTE WELL: This list operates according to