Franck Martin wrote:
>> Steve Atkins mentioned:
>>> This (entirely RFC valid yet completely broken) behaviour has bitten me
>>> a couple of times.
> Hector followed up:
>> +1
>>
>> If everyone (mail transport/mail handlers) just followed the basic
>> mail networking principle of:
>>
>> Thou should not touch passthru mail (except for network traces)
>
> Are there the same issues with PGP or S/Mime email?

RFC3851 (S/MIME) states this under the security section:

   Modification of the ciphertext can go undetected if authentication is not also used, which is the case when sending EnvelopedData without wrapping it in SignedData or enclosing SignedData within it.

IMO, with the known issues in the wild related to using MIME parts, I would say yes. Since our MSA/MDA/MTA does not tamper with passthru mail and since we never heard of a complaint, it will suggest it didn't cause problems for any customer either.

My general point is based on painful experiences learned with multiple different mail networking software (old and new) and the common and basic long traditional rule of thumb was to refrain from screwing around with passthru mail and when followed, things generally worked better, there were less issues, less surprises and future things would basically fit right in.

With new needs such as EAI (internalization) and DKIM (authentication), it is highlighting the cases where certain methods in the network were not ideal.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html