Verifying, modifying and then signing emails results broken chain #169
Description
If OpenARC is used to verify an inbound email (with no existing chain), then if the email is modified and re-signed, then the chain is broken. This is because OpenARC carries forward the existing none verification status, rather than changing it to a pass as would be expected from this scenario functioning correctly.
As an example:
- an email arrives without any chain
- OpenARC initially verifies this and adds
Authentication-Resultsasnone(correct) - Then the content of the email is modified locally and resent via the same milter. At this point, OpenARC identifies
nonein theAuthentication-Resultsheader and carries this forward. - At the receiving end, the email is received with an ARC status of
noneand thus fails.
A simple change to fix this would be to carry forward a none as a pass, on the basis of the Authentication-Results header being trusted as being generated on the local machine and the chain not existing at that point.
Interestingly it looks like this was implemented as such in commit 94c7639. What I do not understand is that this was then reverted in commit c210d04 with no reason why.
Can anyone see any reason why the behavior cannot be retained as per 94c7639?