On Mon, 2004-12-06 at 08:47 -0800, william(at)elan.net wrote:
Resent- headers are used for reintroduction of email by user. The email
should have new message-id and other data that would make it clear this
really is a new message.
I believe that it should have a Resent-Message-Id: and the original
Message-Id: header should remain intact.
MASS is about desiging transport-level message authorization and since
email reintroduced after several days is not the same transport stream
(i.e new message), its existing signature should be ignored.
Now if email is reintroduced quicker then when signature expires, I really
have no problem with signature being checked, but its not our goal
to accomodate user resending.
Right.
However Resent-* header do play role <...>
Now I have different view about Sender and From headers <...>
Forgive me for snipping the actual discussion in which you demonstrate
some of the complexities of trying to use RFC2822 identities for this
task.
If we agree that we're doing this purely for transport-level
authorisation, then using RFC2822 identities buy us nothing over what
we'd get by checking only the RFC2821 sender. Apart from the gratuitous
extra complexity and the increase likelihood that people will implement
it badly, that is :)
--
dwmw2