On Mon, Dec 01, 2008 at 11:33:34PM -0800, Murray S. Kucherawy wrote:
> My first inclination was simply to remove the normative text and provide
> discussion about both possibilities. I find myself, however, wanting to
> err on the side of mistrust of the unknown, thus saying implementors at
> the border SHOULD remove all of them but might have good reason to let
> certain specific ones slip in (John Levine's example of trusting those
> added at his ISP comes to mind).
>
> Is the suggestion here to leave the current text in section 5, but amend
> it with additional language explaining that there may be legitimate
> reasons to leave those with foreign authserv-ids in the message as it
> transits inward? Or perhaps those with specific external authserv-ids?
>
> What do others think?
If all untrusted headers are removed at the edge, we don't need an
"authserv-id" field at all, and the MUA's job is much easier. Presumably
"authserv-id" is there to:
- Reduce required header modification: gateways only remove
AR headers in cases of "forgery", when the local ADMD's AR
header is seen in external email.
- Avoid unnecessary breakage of external DKIM signatures: forwarded
mail should not have AR headers removed, because they may be
covered by a DKIM signature. (Or is there language I missed
requiring these to not be covered?)
So while I would naively prefer a simpler design with no "authserv-id"
and all external AR headers stripped, this forces routine removal of
headers, which is perhaps not a good idea.
--
Viktor.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
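As an added example (not code from this thread, nor from any DKIM or Authentication-Results implementation), the Python below models the two border-MTA policies the message contrasts: remove only the A-R headers that claim the local ADMD's authserv-id (the "forgery" case), or strip every external A-R header except those from specific trusted upstream authserv-ids (the ISP case). It also checks whether any DKIM-Signature h= list names Authentication-Results, in which case removing an A-R header would invalidate that signature. The local authserv-id mail.example.net, the trusted id relay.isp.example, the policy names, and the sample message are all constructed for the example.

```python
"""Border-MTA handling of inbound Authentication-Results (A-R) headers.

Added example, not code from the DKIM list thread or from any MTA.
Assumptions (constructed): our ADMD's authserv-id is mail.example.net,
and relay.isp.example is an upstream whose A-R headers we choose to keep.
"""
import re
from typing import List, Set, Tuple

LOCAL_AUTHSERV_ID = "mail.example.net"          # assumed local ADMD id
TRUSTED_EXTERNAL = {"relay.isp.example"}         # assumed trusted upstream ids

Field = Tuple[str, str]

# Constructed inbound message: one A-R header forged with our own
# authserv-id, one from the trusted relay (with an optional version
# token), one from an unknown host, and a DKIM signature whose h= list
# covers Authentication-Results.
SAMPLE = (
    "Authentication-Results: mail.example.net;\n"
    " spf=pass smtp.mailfrom=attacker.example\n"
    "Authentication-Results: relay.isp.example 1; dkim=pass header.d=sender.example\n"
    "Authentication-Results: some-other.example; spf=fail\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=sender.example; s=sel;\n"
    " h=from:to:subject:authentication-results; bh=constructed; b=constructed\n"
    "From: alice@sender.example\n"
    "To: bob@example.net\n"
    "Subject: hi\n"
    "\n"
    "body\n"
)


def parse_headers(raw: str) -> List[Field]:
    """Unfold the header block and return (name, value) pairs in order."""
    head = raw.split("\n\n", 1)[0]
    unfolded = re.sub(r"\r?\n[ \t]+", " ", head)   # join folded continuation lines
    fields = []
    for line in unfolded.split("\n"):
        name, _, value = line.partition(":")
        fields.append((name.strip(), value.strip()))
    return fields


def authserv_id(ar_value: str) -> str:
    """The authserv-id is the first token of an A-R value, before any
    optional version number and before the first ';'."""
    return ar_value.split(";", 1)[0].split()[0].lower()


def dkim_covered_names(fields: List[Field]) -> Set[str]:
    """Header names (lowercased) listed in any DKIM-Signature h= tag."""
    covered: Set[str] = set()
    for name, value in fields:
        if name.lower() != "dkim-signature":
            continue
        for tag in value.split(";"):
            key, _, val = tag.strip().partition("=")
            if key.strip().lower() == "h":
                covered.update(h.strip().lower() for h in val.split(":"))
    return covered


def filter_inbound(fields: List[Field], policy: str,
                   local_id: str = LOCAL_AUTHSERV_ID,
                   trusted: Set[str] = TRUSTED_EXTERNAL):
    """Apply a border policy to inbound A-R headers.

    policy == "forgery_only": remove only A-R headers claiming our own
        authserv-id (they arrived from outside, so they are forged).
    policy == "strip_all": additionally remove every external A-R header
        whose authserv-id is not in the trusted set.
    Returns (kept_fields, removed_authserv_ids, breaks_dkim), where
    breaks_dkim is True when a signature's h= names Authentication-Results
    and at least one A-R header was removed (a conservative check).
    """
    covered = dkim_covered_names(fields)
    kept: List[Field] = []
    removed: List[str] = []
    for name, value in fields:
        if name.lower() != "authentication-results":
            kept.append((name, value))
            continue
        asid = authserv_id(value)
        forged = asid == local_id.lower()
        if forged or (policy == "strip_all" and asid not in trusted):
            removed.append(asid)
        else:
            kept.append((name, value))
    breaks_dkim = bool(removed) and "authentication-results" in covered
    return kept, removed, breaks_dkim


if __name__ == "__main__":
    parsed = parse_headers(SAMPLE)
    for pol in ("forgery_only", "strip_all"):
        kept, removed, brk = filter_inbound(parsed, pol)
        print(pol, "removed:", removed, "breaks DKIM:", brk)
```

Under "forgery_only" only the header claiming mail.example.net is dropped; under "strip_all" the unknown some-other.example header goes too while relay.isp.example survives. In both cases the constructed signature lists authentication-results in h=, so the removal would break it, which is exactly the trade-off the message raises.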