On Mon, Dec 01, 2008 at 11:33:34PM -0800, Murray S. Kucherawy wrote:
> My first inclination was simply to remove the normative text and provide discussion about both possibilities. I find myself, however, wanting to err on the side of mistrust of the unknown, thus saying implementors at the border SHOULD remove all of them but might have good reason to let certain specific ones slip in (John Levine's example of trusting those added at his ISP comes to mind). Is the suggestion here to leave the current text in section 5, but amend it with additional language explaining that there may be legitimate reasons to leave those with foreign authserv-ids in the message as it transits inward? Or perhaps those with specific external authserv-ids? What do others think?
If all untrusted headers are removed at the edge, we don't need an "authserv-id" field at all, and the MUA's job is much easier. Presumably "authserv-id" is there to:

- Reduce required header modification: gateways only remove AR headers in cases of "forgery", when the local ADMD's AR header is seen in external email.

- Avoid unnecessary breakage of external DKIM signatures: forwarded mail should not have AR headers removed, because they may be covered by a DKIM signature. (Or is there language I missed requiring these to not be covered?)

So while I would naively prefer a simpler design with no "authserv-id" and all external AR headers stripped, this forces routine removal of headers, which is perhaps not a good idea.

-- 
	Viktor.
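The two border policies discussed in this thread, as an added example written for this page (not code from either poster or from any MTA): the narrow policy removes only Authentication-Results fields that claim the local authserv-id (a forgery, since they arrived from outside), and the stricter SHOULD policy additionally removes every foreign field except those from an explicitly trusted list. The sample message, the local ADMD name `example.com` and the trusted ISP `isp.example` are constructed; `dkim_covers_ar` flags the case Viktor raises where stripping would break an external DKIM signature.

```python
import email
import re

# Constructed sample (not from the thread): mail arriving at the border of the
# local ADMD "example.com" carrying three Authentication-Results fields, one of
# which falsely claims to have been added by example.com itself.
SAMPLE = b"""Authentication-Results: example.com; dkim=pass header.d=attacker.example
Authentication-Results: isp.example 1; spf=pass smtp.mailfrom=friend.example
Authentication-Results: unknown.example; dkim=fail header.d=example.net
DKIM-Signature: v=1; a=rsa-sha256; d=isp.example; s=sel; h=from:to:subject:authentication-results; bh=CONSTRUCTED; b=CONSTRUCTED
From: friend@friend.example
To: user@example.com
Subject: hello

body
"""

def load_sample():
    return email.message_from_bytes(SAMPLE)

def authserv_id(value):
    """authserv-id is the first token of the field value, before the first ';';
    an optional version number following it is ignored."""
    head = value.split(";", 1)[0].strip()
    return head.split()[0].lower() if head else ""

def dkim_covers_ar(msg):
    """True if any DKIM-Signature lists authentication-results in its h= tag,
    i.e. removing an A-R field would invalidate that signature."""
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*h=([^;]*)", str(sig))
        if m and "authentication-results" in [f.strip().lower() for f in m.group(1).split(":")]:
            return True
    return False

def filter_ar(msg, local_id, trusted_ids=(), strip_all_foreign=False):
    """Return the A-R field values to keep on inbound transit. Fields claiming the
    local authserv-id are always dropped (forgery). With strip_all_foreign=True,
    every other field is dropped too unless its authserv-id is in trusted_ids."""
    local, trusted = local_id.lower(), {t.lower() for t in trusted_ids}
    kept = []
    for value in msg.get_all("Authentication-Results", []):
        asid = authserv_id(str(value))
        if asid == local or (strip_all_foreign and asid not in trusted):
            continue
        kept.append(str(value))
    return kept

def strip_border(msg, local_id, trusted_ids=(), strip_all_foreign=False):
    """Rewrite msg in place so only the fields filter_ar allows remain."""
    kept = filter_ar(msg, local_id, trusted_ids, strip_all_foreign)
    del msg["Authentication-Results"]
    for value in kept:
        msg["Authentication-Results"] = value
    return msg
```

With the narrow policy the forged `example.com` field is dropped and the two foreign ones survive; with the strict policy only the `isp.example` field survives, and `dkim_covers_ar` still reports that the remaining signature covers the field.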