Murray S. Kucherawy wrote:
Tony Hansen wrote:
Not at all. MUAs shouldn't just *display* the results of A-R as an
indication of goodness/badness of the sender. However, it can certainly
process the A-R information and *combine* it with reputation and/or
accreditation information in order to generate something that CAN be
displayed to the end user.
I think MUAs should be free to indicate, without even consulting
reputation, an authentication result that fails (i.e. a forgery of
some kind).
The opposite, expressing "you should trust this", definitely requires
reputation.
Well, as a reality check Y! mail does annotate the verification passing
and the world has continued to spin. Getting into this sort of UI guideline,
IMO, is best left to UI and usability experts which I don't think any of us
are. Which is to say that we should avoid it.
Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html