Franck Martin wrote:

Steve Atkins mentioned:

This (entirely RFC valid yet completely broken) behaviour has bitten me
a couple of times.

Hector followed up:

+1

If everyone (mail transport/mail handlers) just followed the basic
mail networking principle of:

Thou should not touch passthru mail (except for network traces)

Are there the same issues with PGP or S/Mime email?

RFC3851 (S/MIME) states this under the security section:

   Modification of the ciphertext can go undetected if authentication is
   not also used, which is the case when sending EnvelopedData without
   wrapping it in SignedData or enclosing SignedData within it.

IMO, with the known issues in the wild related to using MIME parts, I
would say yes. Since our MSA/MDA/MTA does not tamper with passthru
mail and since we never heard of a complaint, it will suggest it
didn't cause problems for any customer either. My general point is
based on painful experiences learned with multiple different mail
networking software (old and new) and the common and basic long
traditional rule of thumb was to refrain from screwing around with
passthru mail and when followed, things generally worked better, there
were less issues, less surprises and future things would basically fit
right in.

With new needs such as EAI (internalization) and DKIM
(authentication), it is highlighting the cases where certain methods
in the network were not ideal.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html