Victor Duchovni wrote:
So while I would naively prefer a simpler design with no "authserv-id"
and all external AR headers stripped, this forces routine removal of
headers, which is perhaps not a good idea.
Unless I'm mistaken, consensus among participants here and others I've
consulted appears to be that the normative MAY should remain and not be
upgraded to SHOULD, but text discussing the risks of such general
removal of inbound A-R header fields should be added.
I'm comfortable with the consensus. Is there strong objection to that
course of action?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html