mail-vet-discuss

Re: [mail-vet-discuss] Draft as of 9/4/2007

2007-10-14 09:35:27
John Levine wrote:
>> Any MTA that is concerned about client security and misinterpretation
>> should strip out ALL AR headers except for its own.  Anything else
>> opens up ambiguities in terms of who the client can trust.
>
> Except that breaks an actual use case.  I have a bunch of mail
> addresses other places that forward mail to my regular address.  The
> forwarders are all easy to recognize due to fixed IP addresses and
> consistent received header syntax.  The AR headers that the forwarders
> add would be quite useful to me, and I really don't want to have to go
> patching my MTA to tell it what users expect mail forwarded from what
> places in order to get to look at them.

Surely you're not advocating a MUST NOT strip, or even a SHOULD NOT
strip. The third parties can sign after all and then you'd just trust
them directly. Trying to expect unauthenticated cross administrative
good bits to remain good is pretty crazy if you ask me.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
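
The two positions in this message, as an added example that is not part of the original post or of the draft: a border filter that strips every inbound AR header (including one forging the local identifier) unless it was stamped by a forwarder that actually handed over the message. It assumes "AR" means the `Authentication-Results` header with the stamping host's identifier as the first token of the value; `LOCAL_ID`, `TRUSTED_FORWARDERS`, `filter_ar` and all hostnames and addresses are hypothetical.

```python
import ipaddress
from email import message_from_string
from email.message import Message

LOCAL_ID = "mx.example.net"  # assumed identifier of the receiving MTA
# Assumed allowlist: identifier a forwarder stamps -> networks it relays from.
TRUSTED_FORWARDERS = {"fwd.example.org": [ipaddress.ip_network("192.0.2.0/28")]}

# Constructed sample: one forwarder header, one forging the local id, one unknown.
SAMPLE = (
    "Authentication-Results: fwd.example.org; dkim=pass header.d=example.com\n"
    "Authentication-Results: mx.example.net; dkim=pass header.d=bank.example\n"
    "Authentication-Results: unknown.example; spf=pass\n"
    "From: a@example.com\nSubject: constructed sample\n\nbody\n"
)

def authserv_id(value: str) -> str:
    """Return the first token of an AR header value, lowercased."""
    head = str(value).split(";", 1)[0].split()
    return head[0].lower() if head else ""

def filter_ar(msg: Message, client_ip: str, local_result: str) -> list:
    """Strip untrusted AR headers, then stamp our own. Returns removed ids."""
    ip = ipaddress.ip_address(client_ip)
    kept, removed = [], []
    for value in msg.get_all("Authentication-Results", []):
        sid = authserv_id(value)
        # Keep only if the connecting host is a network registered for this id.
        # An inbound header carrying LOCAL_ID never matches, so forgeries go.
        if any(ip in net for net in TRUSTED_FORWARDERS.get(sid, [])):
            kept.append(value)
        else:
            removed.append(sid)
    del msg["Authentication-Results"]          # removes every occurrence
    for value in kept:
        msg["Authentication-Results"] = value
    msg["Authentication-Results"] = f"{LOCAL_ID}; {local_result}"
    return removed

if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    print(filter_ar(m, "192.0.2.5", "dkim=none"))
    print(m.get_all("Authentication-Results"))
```

With an empty `TRUSTED_FORWARDERS` this reduces to the "strip ALL AR headers except its own" behaviour; the allowlist is the per-forwarder configuration the quoted reply wants to avoid maintaining.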