[ietf-dkim] Mailing lists and s/mime & dkim signatures - mua considerations
Charles Lindsey
chl at clerew.man.ac.uk
Wed Aug 25 02:58:32 PDT 2010

On Wed, 25 Aug 2010 00:47:20 +0100, Hector Santos <hsantos at isdg.net> wrote:
> Rolf E. Sonneveld wrote:
>
>> Although DKIM does not specify (as far as I know) what to do with DKIM
>> signatures in inner bodyparts, I think DKIM signatures should never be
>> removed without a good reason.
>
> If you believe this, then you have to advocate the removal of the RFC
> 4871 mandate regarding invalid signatures changing to no-signature
> status as if it never existed and the message was never signed.

Not so. A retained, but now invalidated, signature should have no effect
on the behaviour of an assessment engine (well almost so - it might like
some assurance that it HAD been signed previously before proceeding to
consideration of the trustworthiness of the MLM's signature, but an A-R
header would provide that).

No, the purpose of retaining that signature is primarily for forensics.
Given that it is meaningless for protocol purposes for the reasons you
gave, it cannot possibly do any harm. Destroying it would do some minor
harm (hindering any forensic investigation). It would also frustrate geeks
who might like to reconstruct the original signed message for verification
purposes, but they are not the primary customers of any retention. It is
simply a matter of not destroying potentially useful evidence.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5