On Tue, 02 Jun 2009 14:24:43 +0100, Michael Thomas <[email protected]> wrote:
> Wietse Venema wrote:
>> Charles Lindsey:
>>> On Mon, 01 Jun 2009 15:49:28 +0100, Barry Leiba
>>> <[email protected]>
>>> wrote:
>>>
>>>> I think it's a terrible idea to (1) leave signatures in a message
>>>> after you break them, (2) add A-R without removing any already there,
>>>> or (3) add A-R without a signature covering it.
>
> A signature covering it? That's quite a new requirement for a-r and
> one that nobody that I'm aware is following.

It is such a blatantly obvious necessity that I am surprised it is occasioning such surprise. WTF is the point of inserting an A-R header if you are not willing to take responsibility for what you have done by signing it? And why should anyone else believe your A-R if you have omitted that elementary step?

> In any case, removing signatures seriously sucks from a forensics
> standpoint. The DKIM rule is that if they're broken, they're equivalent
> to not existing. Leaving signatures in hurts *nothing*, and
> provides a lot of feedback to the original sender if needed to
> diagnose why signatures failed.
>

+1. That is exactly the point I was trying to make.

> This shit happens in the real world. Often.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: [email protected]
snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
