Stephen Farrell wrote:
>
> On 05/10/10 23:54, Julian Mehnle wrote:
>> Recommending that one more "From" be added to h= (and hashed)
>> than From headers are initially placed in the message should be enough.
>> There is no need to change the semantics of the spec.
>
> Assuming that "recommending" above maps to a (putative)
> "MUST/SHOULD" statement in 4871bis, I'd be interested in
> opinions as to whether such a change might slow progress
> to draft standard, or be detrimental to current deployments.
>
> So in terms of meeting our chartered goals, this specific
> addition might have undesirable side effects were it to
> represent the WG's opinion. (Much as the chairs love you
> all, starting right in on a 4871ter is not attractive:-)
To address current implementations, guidelines should be considered:
1) Suggest MTA do stonger RFC 5322 checking and at a minimum,
checking for multiple 5322.From (and possible even 5322.Subject).
2) To close the loophole to #1 (legacy software), the DKIM signer
MAY consider adding a h=from:from to the DKIM-Signature.
3) To close the loophole to #1 (legacy software), the DKIM verifier
SHOULD void messages with 5322.From which are not bound to the
signature.
#1 is words and a remember for MTA especially those that are with a
DKIM environment to tighten up there wares.
#2 can be done with current implementation operators. I am assuming
all or not most of DKIM signing engines will allow operators to set
"Required Headers" to sign. It would be rather inflexible if it did not.
#3 is already done by at least one open source DKIM API developed
by a large MTA vendor. Not sure how OpenDKIM is will do it, but
Murray did speak of the layer (#1) approach.
#1 and #2 will allow most implementations to close this loophole until
software vendors catch up with #3.
That said, I don't think writing #1, #2 or #3 text for 4871bis should
slow down progress to draft standard.
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
