[mail-vet-discuss] SHOULD the header be signed?

Charles Lindsey chl at clerew.man.ac.uk
Tue Dec 4 05:19:29 PST 2007


On Mon, 03 Dec 2007 18:00:45 -0000, Murray S. Kucherawy <msk at sendmail.com>  
wrote:

> This came up both at the last IETF and at this one, so I thought it  
> worth opening up here once before I submit the draft to the area  
> director.
>
> Should the normative text in the draft specify that this header SHOULD  
> be signed?

I might not go as SHOULD, but certainly the practice should be encouraged  
in suitable cases. These include

1. where the mail is to be sent further using SMTP (whether within the  
final delivery boundary or not - note that such boundaries are not always  
clearly recognised, even within their supposed borders).

2. As a particular case, when the mail is explicitly forwarded as in  
mailing lists, especially if the mailing list has altered the message in a  
manner which breaks the original signature.

But, as a corollary, it should be stated that these headers SHOULD NOT be  
removed at boundaries in cases where they are covered by such a signature  
(I probably mean a signature that verifies correctly).

Note that I am speaking of headers that confirm a DKIM signature here - I  
am not sure about headers that confirm other protocols.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

