ietf-dkim

Re: [ietf-dkim] layer violations, was detecting header mutations after signing

2010-10-21 14:11:56
On Oct 21, 2010, at 11:13 AM, John R. Levine wrote:

The verifier MAY treat unsigned header fields with extreme
skepticism, including marking them as untrusted or even deleting them
before display to the end user.

That's an example of the bad advice that I think we should drop from 
4871bis.  It does nothing to improve robustness or interoperability, just 
offers unsolicited advice to MUA developers.

As this conversation has continued, I'm increasingly convinced that the only 
sane path forwards is to have a separate Informational or BCP document 
containing MUA considerations.  The only question is whether that'd be 
restricted to considerations we've discovered while discussing DKIM (in which 
case it might fit in this WG), or open to all the stupid MUA tricks this 
community has seen since rfc733 (which should probably be a new WG.)

Either way, I'd be interested in participating in the effort.


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
