In <[EMAIL PROTECTED]> DKIM Chair <[EMAIL PROTECTED]> writes: > * One of the signatures has minimal scope, maybe signing only "from:", > with l=0.
Please pardon my ignorance here, as I haven't not been following this group closely lately, but... Wouldn't signing just the 2822.From: header be close to useless since it could trivially be replayed on all forged email? Even if you throw in things like the 2822.Message-ID:, and 2822.Date:, etc., you really have more "security" with the Habeas haiku. -wayne _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
