mail-vet-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [mail-vet-discuss] What is the A-R header really for?

2007-10-17 03:44:29
from [Charles Lindsey] [Permanent Link] 
On Tue, 16 Oct 2007 21:54:58 +0100, Michael Thomas <mike(_at_)mtcc(_dot_)com> 
wrote:


Eliot Lear wrote:

So I think in summary we need clearer text on the applicability of this
header, the jist of which should be that MUAs SHOULD NOT in general
process it as authentic information.
Hold on... I don't think that Eric and I would go that far. I think the sense we agreed on is that it's not suitable for human display directly, and that simple mua filter pattern matchers are likely to not be very suitable either. 
An mua that wants to process it using some real programming language
(fsvo "real") shouldn't be discouraged though. I'm more neutral on his
point about reputation, but I think that's orthogonal to the mua question.
Certainly, MUAs should not be showing the A-R header _by_default_, but if the user explicitly configures his MUA to show it (most MUAs allow that), then we should presume the user knows what he is looking for.
But current MUAs are completely unaware of this header, so what we are really concerned about it future MUAs that will recognise it. And if someone has gone to the trouble of upgrading an MUA to make use of this header, then it is reasonable to assume that he will have built in a sufficiently sophisticated algorithm (that knows, for example, what the 'boundary' MTA for that particular email should be) that can deliver a sensible outcome (configurable to suit what the user wants).
So the purpose of adding this header is to do it at a point where the facilities for doing the checking are readily available (which may not be the case at the MUA, which may be operating offline). And that point is also the best place to look up reputations, etc.
Which suggests that this header, in addition to saying "we checked the signatures with such and such result" should also be able to say "and we looked up the reputation of the signer in XXXX registry, which reported it as 'abysmal'/whatever". 

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl 
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [mail-vet-discuss] What is the A-R header really for?, Eliot Lear
Next by Date:  Re: [mail-vet-discuss] What is the A-R header really for?, Charles Lindsey
Previous by Thread:  Re: [mail-vet-discuss] What is the A-R header really for?, Michael Thomas
Next by Thread:  Re: [mail-vet-discuss] What is the A-R header really for?, Tony Hansen
Indexes:  [Date] [Thread] [Top] [All Lists]