John Levine wrote:

Can anyone see a better way of reliably determining which is the 'most
recent sender'? One option would be for the signing party to _remove_
the Sender: header if signing a Resent-Sender: address. I'm not sure I
like that much though. Better options?

Well, the signature can say which address it signed.

Or even, the signature can specify the signing address itself,
explicitly, rather than refer to some other header. Does it really
matter whether this is the Sender address, or some Resent-From or
Resent-Sender? All that matters is who is vouching for the message, and
what their reputation is. Sure, this doesn't require that the signer
have a 'role' in the handling of the message, but neither does the other
way (a rogue signer could just substitute their address as Sender, and
then sign it).

On the theory of not trying too hard, I think a signature system
should have a really simple algorithm to verify the signature, one
that doesn't go anywhere near heuristics about guessing which header
means what or was applied by whom when. If a message is too mutated
to pass, then it doesn't pass, and we tell whoever's running the
mutator to sign if they want to play.

Right. Accept any signature that passes, regardless of what header it
might be associated with (if any).

I still think, though, that it would be a Best Practice for a recipient
MUA to display the signer's address if it's different from the From
address. But that isn't under our control here.

There are a lot of forwarders that forward without mutating at all,
the pobox.com and ieee.org and .forward style ones that are typically
set up at the request of the recipient and forward to a single place.
It's also common for mail to hop from host to host within a mail
system, again without any mutation. Those are the only ones that I
think are worth trying to survive.

Actually, my ieee.org mail gets some spam content analysis headers
appended which will break some things.
-Jim
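
The verification model discussed in this message (the signature names its own signer, any signature that passes is accepted, and the signer is flagged when it differs from From), as an added example that is not code from the thread or from any real signing scheme. The header name `X-Demo-Signature`, its `signer=`/`mac=` fields, the choice of covered fields, and the HMAC key table standing in for public keys are all assumptions; the sample message is constructed.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SIG_HEADER = "X-Demo-Signature"  # hypothetical header name, not a real standard
# Constructed key table; HMAC stands in for the signer domain's public key.
KEYS = {"lists.example.org": b"constructed-demo-key"}

def _mac(msg, signer, key):
    # Covered data (an assumption): the signer named in the signature, From, Subject, body.
    covered = "\n".join([signer, msg.get("From", ""), msg.get("Subject", ""),
                         msg.get_payload()])
    return hmac.new(key, covered.encode(), hashlib.sha256).hexdigest()

def sign(msg, signer):
    key = KEYS[signer.rpartition("@")[2]]
    msg[SIG_HEADER] = f"signer={signer}; mac={_mac(msg, signer, key)}"

def verify(msg):
    """Return (signer, differs_from_From) for the first signature that passes, else None.

    No guessing about Sender/Resent-Sender: the signature itself names the signer.
    """
    for value in msg.get_all(SIG_HEADER, []):
        fields = dict(p.strip().split("=", 1) for p in value.split(";") if "=" in p)
        signer, mac = fields.get("signer", ""), fields.get("mac", "")
        key = KEYS.get(signer.rpartition("@")[2])
        if key and hmac.compare_digest(mac.encode(), _mac(msg, signer, key).encode()):
            from_addr = parseaddr(msg.get("From", ""))[1]
            return signer, signer.lower() != from_addr.lower()  # flag for MUA display
    return None

# Constructed sample message.
RAW = ("From: Alice <alice@example.com>\nSender: bob@example.net\n"
       "Resent-Sender: owner@lists.example.org\nSubject: minutes\n\nAgenda attached.\n")

def demo():
    msg = message_from_string(RAW)
    sign(msg, "owner@lists.example.org")
    forwarded = message_from_string(msg.as_string())   # hop with no mutation
    forwarded["Received"] = "from relay.example.net by mx.example.org"
    mutated = message_from_string(msg.as_string())     # hop that appends a footer
    mutated.set_payload(mutated.get_payload() + "-- \nlist footer\n")
    return verify(forwarded), verify(mutated)

if __name__ == "__main__":
    print(demo())
```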