Ah. I need to restate the question a bit. Sorry.
What I was asking was whether the following would be a good or bad idea.

- Define some (few, simple) rules for when messages MUST NOT be DKIM-signed (e.g. those that contain >1 From address)
- When a signer is presented with such a message, it doesn't sign it, or forward it, but bounces/deletes it (whatever the right mail thing to do is).

If that were reasonable (and I don't claim to know), then our threat analysis could result in us defining some such rules in order to counter some of the vulnerabilities we consider.

Stephen.

_______________________________________________
ietf-dkim mailing list
http://dkim.org
