[ietf-dkim] Not exactly not a threat analysis

[Jim Fenton]

Keith Moore wrote:

>>>IIRC, an SSP check is done against the "Originator Address".  This is
>>>either the rfc2822.from or rfc2822.sender.
>>>      
>>>
>>That's not correct. It's only From.
>>    
>>
>
>Look, it's not acceptable for DKIM to change the semantics of From.
>>From can contain multiple addresses, From can contain an address other
>than that of the Originator, and if a Sender field is present From has
>no implied relationship with the party that originated the message.
>These semantics are well-established and have been in use for around 25
>years.
>  
>
SSP as currently written does use Sender: (as a tie-breaker) in the 
event that From: has multiple addresses.  An alternative way to do this 
might be to do an SSP for each address in the From: field that doesn't 
have a valid signature (modulo disagreement on this point) and use the 
most restrictive policy found.

>If you want to define a way for DKIM to say "the party who sent this
>message has permission to make statements on behalf of these From
>addresses" that's all well and good.  What's not appropriate is to
>define DKIM in such a way as to wire in an assumption that From is
>always the party who originated the message.
>  
>
We need to balance here between the definitions in specifications and 
how ordinary people look at email.  SSP is based on From: because that's 
almost always what people see and if you send someone a message, and ask 
who it's from, they will almost always point to it.  If the recipient 
thinks that From is the party who originated the message, that's 
significant.

-Jim