Charles Lindsey wrote:
> On Wed, 25 Mar 2009 11:28:52 -0000, Hector Santos
> <[email protected]> wrote:
>
>
>>> - eBay and PayPal: signs non-existent Resent-From, preventing resending
>>
>> Another case of BLIND signing! Read the freaking specs!!
>
> Not necessarily. Signing a non-existent header is a valid way of
> preventing it being added subsequently, and maybe that is what you want
> (e.g. in this case if the mail is "for original recipient's eyes only").
> Not that Ebay and Paypal were necessarily trying to do that, although
> they are the sort of organisations that just might want to do it in
> specific situations.

Good point Charles.

I guess I can see benefits of signing a non-existing header with the intent to preempt some downlink injection. But only from the standpoint of the intent to force a failure handling process. i.e., eBay, Paypal and entities of the like do not expect these failures to be ignored.

Possible example is Reply-To. They might not want a Reply-To and will rely on From: for any user feedback. So they sign a non-existing Reply-To, thus preventing any replays with an injected Reply-To for MUAs to use. I can see that.

--
Sincerely

Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
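
The mechanism discussed in this thread, as an added example that is not part of either message and not any signer's code: DKIM header selection (RFC 6376, section 5.4) treats a name listed in `h=` but absent from the message as the null string, so a field of that name added in transit changes the signed data. The sample headers are constructed, the helper names are hypothetical, and the digest here omits the DKIM-Signature field and body hash that a real verifier also covers.

```python
import hashlib
import re

def relaxed(name, value):
    """'relaxed' header canonicalization for one field (RFC 6376, 3.4.2)."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)      # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()    # collapse whitespace
    return f"{name.lower().strip()}:{value}\r\n"

def signed_header_data(headers, h_tag):
    """Select the fields named in h=, in h= order (RFC 6376, 5.4.2)."""
    remaining = list(headers)            # (name, value) pairs, top to bottom
    out = []
    for wanted in (n.strip().lower() for n in h_tag.split(":")):
        # Search bottom-up; each h= entry consumes one instance of the field.
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted:
                out.append(relaxed(*remaining.pop(i)))
                break
        # No match: the entry contributes the null string (nothing appended).
    return "".join(out)

def header_digest(headers, h_tag):
    return hashlib.sha256(signed_header_data(headers, h_tag).encode()).hexdigest()

# Constructed sample headers (not taken from the thread).
ORIGINAL = [
    ("From", "Service <service@example.com>"),
    ("To", "user@example.net"),
    ("Subject", "Your receipt"),
]
INJECTED = ORIGINAL + [("Reply-To", "someone-else@example.org")]

def injection_detected(h_tag):
    """True if a Reply-To added in transit changes the signed header data."""
    return header_digest(ORIGINAL, h_tag) != header_digest(INJECTED, h_tag)

if __name__ == "__main__":
    for h in ("from:to:subject", "from:to:subject:reply-to"):
        print(f"h={h:<26} injection detected: {injection_detected(h)}")
```

The same selection rule explains why a signer that does send one Reply-To lists the name twice in `h=`: the second entry matches nothing at signing time, so an extra instance added later is pulled into the verifier's hash and the signature fails.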
