On Oct 28, 2004, at 10:37 AM, Dave Crocker wrote:
There is no automatic requirement that the recipient user see anything about the signature.
Says you. This group has no requirements at all. :) On Oct 28, 2004, at 11:39 AM, Michael Thomas wrote:
Dave Crocker writes:The mailing list processor is responsible for injecting the message into the transfer service. Therefore the only signature that is valid for mail coming from it is the mailing list signature. The original authors are not accountable for the potentially arbitrary behavior of mailing list processors.I completely disagree. Mailing lists are nothing more than special types of forwarders.
I don't think there is any consensus in the broader IETF community on the role of a mailing list. It is not an MTA but it is also not an MUA. I've seen these arguments before and this has never been resolved.
On Oct 28, 2004, at 1:06 PM, Robert Barclay wrote:
I would actually go one step further here and say that it is a specific goal that the output of the mailsig mechanism is transparent to any MUA that has not been specifically designed to know what to do with it. For most normal users (the ones, as receivers, most in need of this kind of protection) attachments they do not recognize or extra unrecognizable text in the body of a message makes the message appear less trustworthy rather than more.
I understand your concern, but "any"? If it is to be "any MUA" then we might as well stop now. I think "most common MUAs" is a better goal.
-andy
smime.p7s
Description: S/MIME cryptographic signature