> If an incoming message includes a DKIM [DKIM], PGP [RFC4880],
> S/MIME [RFC5751], or other signature, sites SHOULD consider what
> effect message modifications will have on the validity of the
> signature, and MAY use the presence or absence of a signature as
> a criterion when deciding what, if any, modifications to make.

I think the existing text is dandy, but I would, since I wrote it. I suppose we could add some examples, but as others have noted, there's a lot of different possibilities, and we don't know what they are. The sort of stuff I was thinking of includes:

* If there's a valid S/MIME signature, don't mess with the body. (I can tell you from experience that if you wrap a signed MIME body in a multipart/related, about half of MUAs will still recognize the signature and half won't.)

* If there's a DKIM signature, and the MSA doesn't sign, don't mess with the message. But if the MSA does sign, do mess and then sign the modified message.

I'm not saying either of these are always the right thing to do, but they're the sort of tradeoffs I had in mind. And I'm not at all sure that there is any way to say that that will not be misread as normative NEVER CHANGE A DKIM SIGNED MESSAGE or the like.

R's,
John

_______________________________________________
yam mailing list
https://www.ietf.org/mailman/listinfo/yam
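Added example, not part of the original message or of any draft text: a sketch of how a site could check what effect a body modification has on an existing DKIM signature, by comparing the body hash (the bh= value) before and after under the "simple" and "relaxed" body canonicalizations of RFC 6376. The sample bodies and the function names are constructed for illustration; the l= body-length tag and header canonicalization are not modeled.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop empty lines at the end; body ends in exactly one CRLF."""
    return body.rstrip(CRLF) + CRLF

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: strip trailing WSP, collapse WSP runs, drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(CRLF)]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + CRLF for ln in lines)  # an empty body stays empty

def body_hash(body: bytes, canon) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def survives(original: bytes, modified: bytes) -> dict:
    """For each canonicalization, does the original bh= still match the modified body?"""
    return {
        name: body_hash(original, fn) == body_hash(modified, fn)
        for name, fn in (("simple", canon_simple), ("relaxed", canon_relaxed))
    }

# Constructed sample bodies (CRLF line endings, as on the wire).
ORIGINAL = b"Hello list,\r\n\r\nPatch attached.\r\n"
WHITESPACE_ONLY = b"Hello  list, \r\n\r\nPatch attached.\r\n\r\n"  # spacing changed
WITH_FOOTER = ORIGINAL + b"-- \r\nadded footer\r\n"                # content appended

if __name__ == "__main__":
    for label, body in (("whitespace only", WHITESPACE_ONLY),
                        ("footer appended", WITH_FOOTER)):
        print(label, survives(ORIGINAL, body))
```

A whitespace-only change keeps the relaxed body hash intact but breaks the simple one, while an appended footer breaks both, which is the case where re-signing after the modification matters.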
