mail-vet-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [mail-vet-discuss] SHOULD the header be signed?

2007-12-03 13:42:34
from [J D Falk] [Permanent Link] 
Eric agreed:


I'm inclined to agree with the consensus.  There may be situations
where you verify a signature and then pass the message through an
untrusted environment, in which case you might want to re-sign and
re-verify the message, but I suspect they will be rare.  Consider that
this would effectively double the crypto overhead on verifiers, and it
really looks like making this a SHOULD is an expensive solution to
what will be for most people a non-problem.  I would say that it
should be at most a MAY.


+1

If it's an issue for a particular site, they can easily solve it without
affecting anyone else.

If it's not an issue for a particular site, they can easily ignore it
without affecting anyone else.

--
J.D. Falk
Receiver Products
Return Path 

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [mail-vet-discuss] SHOULD the header be signed?, Eric Allman
Next by Date:  Re: [mail-vet-discuss] SHOULD the header be signed?, Murray S. Kucherawy
Previous by Thread:  Re: [mail-vet-discuss] SHOULD the header be signed?, Eric Allman
Next by Thread:  Re: [mail-vet-discuss] SHOULD the header be signed?, Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]