On 10/Feb/10 18:22, Murray S. Kucherawy wrote:
Could the MDA add a DKIM signature for the authentication results header?
Yes, it could. However, removal of the field on forwarding would then break
the signature.
True, but you don't have to do that.
But retention is only allowed for trusted internal MTAs.
More accurately, removal is required if the A-R header claims to be one of
yours but it's not coming from an MTA you trust (e.g. one of your border MXes).
An A-R header claiming to be from elsewhere doesn't have to be purged, so a
signature covering it would continue to validate. The MUA, however, is
supposed to know to ignore those.
Thanks for the clarification! The last sentence in section 5 kept
confusing me...
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg