Douglas Otis wrote:

> Without this assurance, the DKIM signature is practically
> worthless.

Some months ago you were firmly in the "crypto timestamp" camp, what happened?

> only when the signature itself indicates the 2822.From
> address has been validated.

Okay, we can update 5.4 in base if necessary, e.g. add a flag where that's the case.

> The factors needed for security are:
> - a signature assured 2822.From address
> - the DKIM signature associated with the 2822.From address
> (by being within the 2822.From domain or via policy)
> - presence of the valid 2822.From address in the address
> book

I'd prefer PRA where you say 2822.From, but otherwise ACK. That's not yet covered in base, how can the MSA say that the 2822-From is okay? Even where the domains match it's not necessarily okay. The MSA has to know who submits the mail, which PRA can be used by that authenticated user, and the case PRA != 2822.From has to be documented, the procedure in that case would be different.

Frank

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
