[mail-vet-discuss] SHOULD the header be signed?
J D Falk
jdfalk at returnpath.net
Mon Dec 3 12:39:16 PST 2007
Eric agreed:
> I'm inclined to agree with the consensus. There may be situations
> where you verify a signature and then pass the message through an
> untrusted environment, in which case you might want to re-sign and
> re-verify the message, but I suspect they will be rare. Consider that
> this would effectively double the crypto overhead on verifiers, and it
> really looks like making this a SHOULD is an expensive solution to
> what will be for most people a non-problem. I would say that it
> should be at most a MAY.
+1
If it's an issue for a particular site, they can easily solve it without
affecting anyone else.
If it's not an issue for a particular site, they can easily ignore it
without affecting anyone else.
--
J.D. Falk
Receiver Products
Return Path
More information about the mail-vet-discuss
mailing list