On Jan 10, 2007, at 2:19 PM, Scott Kitterman wrote:
On Wednesday 10 January 2007 17:01, Douglas Otis wrote:
The base draft requires the From header be signed. This header might
become modified for EAI compliance.
We've been through this before. IIRC, we included 2822-From because it's a
mandatory part of the message. If you don't sign it, you didn't sign the
message. We don't sign every other line of the body either.
At that time, the impact of that decision was less clear. What
value exists when the From header is not associated with the signing-
domain? This again mistakenly assumes recipients will verify the
originator based upon visual inspection. What happens when there are
EAI fix-ups on messages sent through a mailing list that signs their
messages? This requirement will cause these signatures to fail for
no valid reason.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
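
The failure mode debated in this thread, shown as an added example that is not part of the original messages or of any DKIM implementation: a simplified digest over the headers listed in `h=`, using relaxed header canonicalization, run against a message whose From header is rewritten in transit. The sample headers, addresses and the ASCII rewrite are constructed assumptions standing in for an EAI fix-up.

```python
import hashlib
import re

def relaxed_header(name, value):
    """Relaxed header canonicalization (RFC 6376, section 3.4.2)."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)          # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")   # collapse and trim whitespace
    return f"{name.strip().lower()}:{value}\r\n"

def signed_header_digest(headers, h_list):
    """SHA-256 of the canonicalized headers named in h=, taken in h= order.

    Simplification: a real verifier also feeds in the DKIM-Signature header
    (with b= emptied) and checks a public-key signature over this data.
    """
    remaining = list(headers)            # (name, value) pairs, top of message first
    data = ""
    for wanted in h_list:
        # Each h= entry consumes the lowest not-yet-used instance of that header.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted.lower():
                data += relaxed_header(*remaining.pop(i))
                break
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

# Constructed sample message headers; addresses and names are placeholders.
H_LIST = ["from", "to", "subject"]
SIGNED = [
    ("From", "J\u00fcrgen <j\u00fcrgen@example.org>"),
    ("To", "list@example.net"),
    ("Subject", "Header signing"),
]
# Transit changes that leave the signed header content alone.
BENIGN = [("Received", "from relay.example.net by mx.example.com")] + [
    (n, v.replace(" ", "\r\n\t ")) if n == "Subject" else (n, v) for n, v in SIGNED
]
# Hypothetical in-transit rewrite of From to an ASCII-only form.
REWRITTEN = [("From", "Juergen <juergen@example.org>")] + SIGNED[1:]

if __name__ == "__main__":
    base = signed_header_digest(SIGNED, H_LIST)
    print("benign changes verify:", signed_header_digest(BENIGN, H_LIST) == base)
    print("From rewrite verifies:", signed_header_digest(REWRITTEN, H_LIST) == base)
```

An added Received header and a refolded Subject leave the digest unchanged, while any change to the value of a header listed in `h=` produces a different digest and the signature no longer verifies.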