John R Levine writes:
> It feels like some people (not you I hope) are assuming that if a
> message has a valid signature, it's good and you deliver it, which
> is of course wrong.
As far as I can tell this notion was injected by your use of the terms
"accept" and "reject" in your discussion o
>> If the signature is valid *and* the signer has a good
>> reputation, then a delivery agent might do something nice to the
>> message. If it sees a lot of cruddy mail with my signature,
>
>The issue is not your 'signature' but your d= domain name. That's where
>the reputation assessment is supp
On 6/20/2014 1:40 PM, John R Levine wrote:
> It feels like some people (not you I hope) are assuming that if a
> message has a valid signature, it's good and you deliver it, which is of
> course wrong.
Since I haven't seen anyone suggest this, during this or frankly any
other, discussion, nor ha
It's also not clear to me that there is any reason for a verifier to
care about the strength of a signature. If a signer wants to put weak
signatures on mail and take the risk that his reputation will be
sullied by heavily mutated messages, that's not the verifier's
problem.
Actually, it is, si
