[ietf-dkim] Re: Issue 1287: signature removal
johnl at iecc.com
Thu Jun 8 21:27:21 PDT 2006
>> INFORMATIVE NOTE: A message forwarder may remove DKIM-Signature
>> header fields if it modifies a message in a way that makes it
>> implausible that a subsequent verifier could verify the
>> signature, e.g., if it reorders the MIME parts in a message
>> or flattens an HTML message to plain text.

> What does "implausible" mean?

It means the same thing it does anywhere else. I realize you think that
verifiers can undo any change a mailing list may do to a message. You're
wrong, but I don't want to get hung up on that again. That's why I used
examples where the message bits are completely mangled.

> And I disagree about this in general; the forensics of signatures are as
> worthwhile as the ultimately unverifiable received headers which no RFC
> suggests that you remove.

It says "may". Depends on what you expect to be downstream of you.

John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
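
The following is an added example, not part of the original post or of the DKIM draft under discussion. It sketches how a forwarder could apply the proposed note in the one case where failure is certain: the outgoing body no longer hashes to the signature's `bh=` value. It assumes the `bh=`, `c=`, `a=` and `l=` tags and the body canonicalization as later published in RFC 6376; the function names and the sample message are constructed for illustration.

```python
import base64, hashlib, re

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization ("simple" or "relaxed") per RFC 6376 section 3.4."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of WSP, drop WSP at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore trailing empty lines
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return out if (out or mode == "relaxed") else b"\r\n"

def body_hash_matches(field: bytes, body: bytes) -> bool:
    """True if `body` still hashes to the bh= value of one DKIM-Signature field."""
    value = field.split(b":", 1)[1].decode("ascii", "replace")
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    tags = {k.strip(): "".join(v.split()) for k, v in pairs}
    algo = "sha1" if tags.get("a", "").endswith("sha1") else "sha256"
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    data = canon_body(body, mode)
    if "l" in tags:  # signer covered only the first l octets of the body
        data = data[: int(tags["l"])]
    digest = base64.b64encode(hashlib.new(algo, data).digest()).decode()
    return digest == tags.get("bh")

def strip_broken_signatures(raw: bytes):
    """Return (message, removed): drop DKIM-Signature fields that cannot verify."""
    head, _, body = raw.partition(b"\r\n\r\n")
    kept, removed = [], 0
    for field in re.split(rb"\r\n(?![ \t])", head):  # keep folded fields whole
        is_sig = field.lower().startswith(b"dkim-signature:")
        if is_sig and not body_hash_matches(field, body):
            removed += 1
        else:
            kept.append(field)
    return b"\r\n".join(kept) + b"\r\n\r\n" + body, removed

def sample_message(body: bytes) -> bytes:
    """Constructed message; bh= is computed here, b= is a dummy value."""
    bh = base64.b64encode(hashlib.sha256(canon_body(body, "relaxed")).digest())
    return (b"From: list-member@example.org\r\n"
            b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
            b"\ts=sel; h=from; bh=" + bh + b"; b=AAAA\r\n"
            b"Subject: test\r\n\r\n" + body)

if __name__ == "__main__":
    head = sample_message(b"<p>Hello,   world</p>\r\n").partition(b"\r\n\r\n")[0]
    for new_body in (b"<p>Hello, world</p>  \r\n\r\n", b"Hello, world\r\n"):
        print(strip_broken_signatures(head + b"\r\n\r\n" + new_body)[1])
```

A matching body hash does not mean the signature will verify, since header changes are not checked here; the check only identifies signatures that can no longer verify.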