On Mon, 03 Dec 2007 18:00:45 -0000, Murray S. Kucherawy <msk(_at_)sendmail(_dot_)com>
wrote:
This came up both at the last IETF and at this one, so I thought it
worth opening up here once before I submit the draft to the area
director.
Should the normative text in the draft specify that this header SHOULD
be signed?
I might not go as SHOULD, but certainly the practice should be encouraged
in suitable cases. These include
1. where the mail is to be sent further using SMTP (whether within the
final delivery boundary or not - note that such boundaries are not always
clearly recignised, even within their supposed borders).
2. As a particular case, when the mail is explicitly forwarded as in
mailing lists, especially if the mailing list has altered the message in a
manner which breaks the original signature.
But, as a corollarly, it should be stated that these headers SHOULD NOT be
removed at boundaries in cases where they are covered by such a signature
(I probably mean a signature that verifies correctly).
Note that I am speaking of headers that confirm a dkim signature here - I
am not sure about headers that confirm other protocols.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html