Stephen Farrell wrote:

>> The "From:" header should not be signed if it contains more
>> than one sending address.

> Exactly. Or whatever the correct variant might be e.g. I
> think I'd prefer "don't sign at all if there's >1 From
> address" so that we have fewer chances for verifier
> misinterpretation, but that might be my security-and-not-
> email heritage coming to the fore.

> Does anyone see such a statement as causing a problem?

No. But why not return to the old approach, with more than one
From-address there MUST be a Sender, so just take this.

Yeah, in theory mailing-lists might do strange things with an
existing Sender. OTOH that's just broken, they could use
Errors-To (or if they want to support PRA Resent-Sender).

Above all I've _never_ seen mails with more than one
From-address, not one. And for news it's also extremely rare.
Whatever that problem is, it's no showstopper.

Bye, Frank

_______________________________________________
ietf-dkim mailing list
http://dkim.org
