On 04/Apr/11 18:03, John Levine wrote: >> Signers SHOULD NOT remove any DKIM-Signature header fields from >> messages they are signing, even if they know that the signatures >> cannot be verified. Instead, when a relay alters a message such >> that any valid signature gets broken, it SHOULD re-identify the >> message by synthesizing a new Message-ID for it, according to >> Section 3.6.4 of RFC 5322. >> >>Would that help deterring on-the-fly auto-conversions? > > No, and it would be a bad idea, anyway. I often get two copies of a > message, one sent directly to me, one relayed through a mailing list > that changed it enough to break the signature. By any normal > standard, they're the same message, and it's useful to be able to tell > that from the common Message-ID.
You often said you don't sort list messages by author... I heard the opposite complaint, about gmail automatically keeping a single copy of list messages based on Message-ID. That poster said: So, the user doesn't know whether moderator disapproved or edited the message. Some moderators put replies to members' questions in edits, so Gmail users don't see such replies to their questions. Apparently, not all lists were made equal. > [I]f people were sufficiently aware of DKIM to do what you suggest, > they're aware enough to add a new signature which is the right > thing to do. Agreed, and I also agree that mailing lists are a minor concern in the current landscape. The MLM document could explicitly dispense mailing lists from obeying the "SHOULD" quoted above, under suitable conditions --they already remove signatures. It is hard to accept that signatures may break even when the message is not actually changed. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
