On Tue, 16 Oct 2007 21:54:58 +0100, Michael Thomas <mike(_at_)mtcc(_dot_)com>
wrote:
Eliot Lear wrote:
So I think in summary we need clearer text on the applicability of this
header, the jist of which should be that MUAs SHOULD NOT in general
process it as authentic information.
Hold on... I don't think that Eric and I would go that far. I think the
sense
we agreed on is that it's not suitable for human display directly, and
that
simple mua filter pattern matchers are likely to not be very suitable
either.
An mua that wants to process it using some real programming language
(fsvo "real") shouldn't be discouraged though. I'm more neutral on his
point about reputation, but I think that's orthogonal to the mua
question.
Certainly, MUAs should not be showing the A-R header _by_default_, but if
the user explicitly configures his MUA to show it (most MUAs allow that),
then we should presume the user knows what he is looking for.
But current MUAs are completely unaware of this header, so what we are
really concerned about it future MUAs that will recognise it. And if
someone has gone to the trouble of upgrading an MUA to make use of this
header, then it is reasonable to assume that he will have built in a
sufficiently sophisticated algorithm (that knows, for example, what the
'boundary' MTA for that particular email should be) that can deliver a
sensible outcome (configurable to suit what the user wants).
So the purpose of adding this header is to do it at a point where the
facilities for doing the checking are readily available (which may not be
the case at the MUA, which may be operating offline). And that point is
also the best place to look up reputations, etc.
Which suggests that this header, in addition to saying "we checked the
signatures with such and such result" should also be able to say "and we
looked up the reputation of the signer in XXXX registry, which reported it
as 'abysmal'/whatever".
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html