On Wed, 25 Aug 2010 00:47:20 +0100, Hector Santos <hsantos(_at_)isdg(_dot_)net>
wrote:
Rolf E. Sonneveld wrote:
Although DKIM does not specify (as far as I know) what to do with DKIM
signatures in inner bodyparts, I think DKIM signatures should never be
removed without a good reason.
If you believe this, then you have to advocate the removal of the RFC
4871 mandate regarding invalid signatures changing to no-signature
status as if it never existed and the message was never signed.
Not so. A retained, but now invalidated, signature should have no effect
on the behaviour of an assessment engine (well almost so - it might like
some assurance that it HAD been signed previously before proceeding to
consideration of the trustworthiness of the MLM's signature, but an A-R
header would provide that).
No, the purpose of retaining that signature is primarily for forensics.
Given that it is meaningless for protocol purposes for the reasons you
gave, it cannot possibly do any harm. Destroying it would do some minor
harm (hindering any forensic investigation). It would also frustrate geeks
who might like to reconstruct the original signed message for verification
purposes, but they are not the primary custimers of any retention. It is
simnply a matter of not destroying potentially useful evidence.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html