On 10/6/2010 8:23 AM, Murray S. Kucherawy wrote:
>> Of the points I raised, I see that 4.3 still contains "the verifier is
>> requested to discard the message". It is, of course, the receiver that
>> actually does any discarding.
>
> I don't agree, at least not in the architecture I have in mind. The verifier
> (e.g. a mail plugin of some kind, or an internal function of an MTA) is in a
> position to conduct rejections as it sits very near the SMTP portion of a
> delivery. The receiver, more likely an MUA or such, is less likely to have
> any direct influence.

The verifier might legitimately not be touching the message, never mind have the
authority to discard the message. Just as signing can be done by an independent
service that "contracts with" the author, sender or the like, so can verifying.
I suggest saying "the holder of the message is requested to discard it".

>> Also, section 5.6 is still entitled "Pros and Cons of Signature Removal",
>> and yet the body of that section contains no "Cons".
>
> The first paragraph describes a "pro" of leaving them in (i.e., enabling
> preservation of chain of responsibility), and the second describes a "con"
> (i.e., if that's a goal, now the MLM might have to change its behavior to do
> so). The next paragraph describes a "pro" of removing them, etc.

I'm not a huge fan of having "pro & con" in a title.
Perhaps simply: "Signature Removal Issues".
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net