On Jan 19, 2007, at 3:29 PM, Paul Hoffman wrote:
At 2:16 PM -0800 1/19/07, Douglas Otis wrote:
Would you explain the reasoning for discouraging verification at
the MUA?
No, because that is not what I said, nor is it what I believe.
Please do not twist my words, or the words of what are in the spec.
Not every signature will always be checked at the MTA. While the MTA
might be focused upon checking signatures that appear linked with the
From header, the MUA may ensure Sender headers containing "known"
Mailing Lists are always checked, for example. These goals are
different, and there is not an expectation that _all_ (if any)
signatures are checked at the MTA.
[In particular, deferring verification until the message is accessed
by the end user is discouraged.]
One can't say don't check all, as does the added language in the base
draft, and then say deferring verification by the end user is
discouraged. Clearly this statement seeks to define "deferred"
verification efforts at the MUA as being discouraged. This is
wrong. Allowing the MUA to only verify signatures linked to trusted
email-addresses leaks less information. There might even be valid
reasons _not_ to verify signatures at the MTA.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
