On 25 August 2011 00:23, John C Klensin wrote:

>        Implementers of MSAs and those who submit messages to
>        them should be aware that MUAs (or other submission
>        system components) may apply digital signatures or other
>        types of message integrity checks (MICs) to messages and
[...]
>        operators of message originating systems that apply such
>        signatures should ensure that the relevant MSAs are
>        aware that signatures may be present (or external MICs
>        used) and that they are properly configured to avoid
>        making changes, remove signatures, or accept that
>        signatures may become invalid as appropriate.

Rather long, but I think it is clearer *who* is supposed to check
that everything works as it should: the signer (on behalf of the
submitter/sender, or of the MSA/SUBMIT ADMD in the case of DKIM.)

> Still no normative language, but I think that addresses the
> concerns we have been trying to raise while, at the same time,
> actually saying something (and not implying that three
> IETF-defined protocols are the only options).

You could reference DKIM as an example, because DKIM signatures
added in the ADMD of the MSA obviously MUST not be destroyed in
that ADMD, and because its "not necessarily end-to-end" concept
is still new (= interesting for readers) and maybe unique.

In an earlier mail you wrote:
| Keeping in mind that we assume, at least formally, that
| Submission servers are under the administrative control of the
| sender

I'm not sure how to interpret that: "Gmail, fix the SPF FAIL for
me, will you."  I fear my administrative control has limits, as
outlined in RFC 5598 figure 4 s/transit/SUBMIT/.

-Frank
_______________________________________________
yam mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/yam
