There's a certain point at which the answer to questions has to be
"don't do that".
But if it is done by the MUA, the problem is that fully comformant
SUBMIT agents or various sorts of other conforming intermediaries
can and often will wreck the signature.
Seems to me that if the MUA does all the stuff in section 8 of RFC
4409 before it signs the message, the chances are pretty good that the
signature won't break. Yes, in theory the SUBMIT agent might still
rewrite the headers and reformat the body, but my admittedly limited
experience suggests that for the most part they will leave valid parts
of a message alone. So if you want to sign in the MUA, be sure your
MUA creates valid messages, or you use a shim that runs on the client
machine that cleans up and signs.
I think that content conversion *must* be viewed as a gateway
function, and that surviving gateways is already a challenge for
DKIM.
Right. I think we all agree that we want DKIM signatures to survive
what one might call routine relay mutation. Beyond that, the relay
needs to re-sign.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html