[ietf-dkim] layer violations, was detecting header mutations after signing
J.D. Falk
jdfalk-lists at cybernothing.org
Thu Oct 21 12:09:54 PDT 2010
On Oct 21, 2010, at 11:13 AM, John R. Levine wrote:
>> The verifier MAY treat unsigned header fields with extreme
>> skepticism, including marking them as untrusted or even deleting them
>> before display to the end user.
>
> That's an example of the bad advice that I think we should drop from
> 4871bis. It does nothing to improve robustness or interoperability, just
> offers unsolicited advice to MUA developers.
As this conversation has continued, I'm increasingly convinced that the only sane path forwards is to have a separate Informational or BCP document containing MUA considerations. The only question is whether that'd be restricted to considerations we've discovered while discussing DKIM (in which case it might fit in this WG), or open to all the stupid MUA tricks this community has seen since RFC 733 (which should probably be a new WG).
Either way, I'd be interested in participating in the effort.