On Thursday 13 July 2006 18:09, Dave Crocker wrote:
> Scott Kitterman wrote:
> > I think that a requirement to sign RFC 2822 required identity header
> > fields (From and Sender if present) makes a lot of sense. I expect that
> > if we don't make this a requirement in Base, then in operations,
> > receivers will pay little attention to signatures that don't include
> > them.
>
> The critical language in your note is "I expect that". The entire point
> about distinguishing mechanism from policy is that the latter is subject to
> learning and preference. Although your expectation might be right, it
> might not. Either way, it does not affect the technical mechanism for
> creating a signature and validating it.
>
> What it DOES affect is the UTILITY of that signature. But lots of things
> affect that utility. That's the stuff of policy work.
>

I think Sender is arguable and I don't care much either way.

Since From is mandated by RFC 822/2822 then I think a MUST sign since it MUST
be present is entirely appropriate independent of any policy work. It's a
mandatory part of the message body. Is there some benefit to be derived from
not signing From?

Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
