"Graham Murray" suggested:
Roy Badami <roy(_at_)gnomon(_dot_)org(_dot_)uk> writes:
The effect of this is that even if the users MUA is Sender ID aware,
and displays the PRA, there's no guarantee it is displaying the same
identity that was validated by the MTA.
Which is why it would be better for the MTA to create a header to
inform the MUA of the PRA and for the MUA to display that. If this
were done then it would be necessary to specify that the MTA MUST
remove any such headers already in the mail.
This introduces its own security weakness:
If the senders are forging the additional tag, and the MTA, for some reason or
another, is not removing the headers - the MUA cannot detect that the header is
bad.
See my post:
http://www.imc.org/ietf-mxcomp/mail-archive/msg03118.html
for some of the circumstances in which this can occur.
You end up with the MTA including time-stamps and host-identities in the
additional header, and then you have to cryptographically sign it, and give the
MUA the means to validate the signature.
It's almost as easy just to sign the entire original message and solve the whole
problem at one stroke!
Chris Haynes