-----Original Message-----
From: John R. Levine [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Thursday, October 14, 2010 10:50 AM
To: Murray S. Kucherawy
Cc: DKIM List
Subject: Re: [ietf-dkim] layer violations, was detecting header mutations after signing

Well, now we're back to my question to Dave, what's the advantage of
leaving that as folklore rather than putting it in the spec other than the
warm theological feeling of somewhat preserving layer distinctions, except
for all the places we already didn't?

Why does it have to be normative? Authentication-Results has no normative
"watch out for weird input" SHOULDs or MUSTs, but instead has an extensive
discussion of possible issues in its Security Considerations section. That's
what secdir asked for, and I was fine with that.

(It actually does have some normative MUA advice. Wonder how that happened.)

Nobody's saying this has to be relegated to "folklore". We can put a gigantic
treatise on this in an informative appendix making this the biggest RFC ever if
it will make people feel better. I just don't think it can be reasonably made
normative.