>> The "From:" header should not be signed if it contains more than one
>> sending address. ...

>Does anyone see such a statement as causing a problem?

I see it as needless and futile micromanagement.

The point of a DKIM signature is that the signer is taking responsibility for the message. The only semantics that a DKIM signature has is "blame us if you don't like this message." That's it.

We don't know all of the reasons that a signer might legitimately want to sign multiple From: addresses, nor do we know all of the ways that a bad guy might try to trick someone into signing his message, with multiple From: addresses being rather low on that list.

I could easily imagine an SSP-like system limiting itself to a subset of otherwise syntactically valid messages, e.g. only one address in the From: line, sender matches signer, or any of a host of other rules. But for the basic DKIM, a signer can sign anything he's willing to, and please leave it at that.

R's,
John

_______________________________________________
ietf-dkim mailing list
http://dkim.org
