ietf-mailsig
[Top] [All Lists]

RE: Signature Failure Analysis

2004-12-02 02:22:53

On Wed, 2004-12-01 at 18:20 -0800, Douglas Otis wrote:
Rather than waging a battle over how robust a signature should be, by
allowing a message-state header that describes the message content to
detect what has been damaged could easily serve two very legitimate
purposes.... 

That's an idea with a lot of merit. Certainly I'd like to see this
_kind_ of approach taken -- let the sender declare what was really sent,
and let the recipient decide what they want to accept. Having fuzzy
policies where different senders will do different things in the _same_
situation, like SPF records ranging from '-all' to '?all' for unknown
hosts, is going to make it a _lot_ harder for people to tune their
rejection policies.

As Jim points out, copying the headers performs a similar function in
this respect too.

-- 
dwmw2


<Prev in Thread] Current Thread [Next in Thread>