ietf-mailsig

RE: semantics of the signature

2004-10-07 11:23:35

Seth Goodman writes:

From: Tony Finch
Sent: Thursday, October 07, 2004 12:40 PM

<...>

Say you implement verification on your border MTA, and then some internal
MDA then alias-forwards it to an external organization. You want them to
be able to authenticate the original sender of the message.

I was overly restrictive when I said MTA.  What I think is important is that
the signature be removed before the message is delivered to the MUA.  

Why? And should I assume that you mean that signatures must
be removed *always*? This seems like a local policy decision
that the receiving MTA and/or MTA can decide all on their
own whether they want to scrub the headers, but IMO, there
should be a pretty compelling reason to scrub them since
mail might get forwarded, etc, etc.

If forwarding can be done by the MDA, then the MDA should have the
responsibility to remove the signature in the case of local delivery to an
end-user.  If an end-user system wants to automatically forward mail, it
should use re-mailing rather than alias forwarding.  The end-user system is
now the new message originator.

The idea that there is exactly one "originator" seems
wrongheaded to me. Stripping the signatures to enforce that
point is even worse. Why people seem intent on throwing away
interesting information is rather curious to me. What does
it buy you? Keeping them there, on the other hand, buys you
a lot: traceability, potential survival through bounces and
forwards, etc, etc. The flip side is that a robust receiver
MUST be able to deal with multiple signatures anyway (be
liberal in what you accept...). I just don't get it.

           Mike
