On Apr 18, 2006, at 10:42 AM, Scott Kitterman wrote:
> From a protocol design perspective, I think the right answer is to
> design for the case where the receiving MTA/MDA will check the
> signature and record a result that, if appropriate, an MUA can use.
> Depending upon an unsigned "results" header being added to the
> message is an unsafe practice.
It is not practical to determine who added the "results" header,
whether the MDA strips/adds all prior results headers, and whether
all possible backup and alternative paths also strip/add all
"results" headers. Retaining the integrity of the DKIM signature for
a suitable period should permit message verification for transports
that carry messages beyond the MDA. Message protection beyond SMTP
is an important aspect of DKIM. Reliance upon a results header may
produce many years of victims that DKIM intended to protect.
Explain the motivation for not including DKIM protection beyond SMTP?
-Doug
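An added example (not from this thread or from any DKIM implementation) of the distinction Doug draws: which headers a DKIM-Signature's h= tag actually binds, and that a results header outside that list is something any hop could add or alter. The Authentication-Results header name, the authserv-id mda.example and the sample message are constructed for illustration.

```python
"""Show why an unsigned "results" header cannot be trusted while the
headers listed in the DKIM h= tag are bound to the signer's key."""
import re

# Constructed sample: the signature covers From/To/Subject but, as in
# practice, not the results header a verifier (or anyone else) adds.
SAMPLE = (
    "Authentication-Results: mda.example; dkim=pass header.d=sender.example\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel;\r\n"
    "  h=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: alice@sender.example\r\n"
    "To: bob@receiver.example\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "body\r\n"
)

def parse_headers(raw):
    """Return (name, value) pairs, unfolding continuation lines (RFC 5322)."""
    head = raw.split("\r\n\r\n", 1)[0]
    unfolded = re.sub(r"\r\n[ \t]+", " ", head)
    pairs = []
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def signed_header_names(headers):
    """Header names listed in the DKIM-Signature h= tag (lowercased)."""
    for name, value in headers:
        if name == "dkim-signature":
            tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
            return {h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()}
    return set()

def unsigned_headers(headers):
    """Headers any intermediate hop could add or alter without breaking the
    signature; a results header landing here is exactly Doug's concern."""
    signed = signed_header_names(headers)
    return [n for n, _ in headers if n not in signed and n != "dkim-signature"]

def strip_foreign_results(headers, authserv_id):
    """Before verifying, drop inbound results headers that claim to be ours;
    the only trustworthy result is the one this MDA adds after verifying."""
    return [(n, v) for n, v in headers
            if not (n == "authentication-results"
                    and v.split(";")[0].strip() == authserv_id)]
```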
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html