Eric agreed:
I'm inclined to agree with the consensus. There may be situations
where you verify a signature and then pass the message through an
untrusted environment, in which case you might want to re-sign and
re-verify the message, but I suspect they will be rare. Consider that
this would effectively double the crypto overhead on verifiers, and it
really looks like making this a SHOULD is an expensive solution to
what will be for most people a non-problem. I would say that it
should be at most a MAY.
+1
If it's an issue for a particular site, they can easily solve it without
affecting anyone else.
If it's not an issue for a particular site, they can easily ignore it
without affecting anyone else.
--
J.D. Falk
Receiver Products
Return Path
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html