[ietf-dkim] SSP security relies upon the visual domain appearance
hsantos at santronics.com
Thu Nov 17 23:11:17 PST 2005
----- Original Message -----
From: "SM" <sm at resistor.net>
To: "Stephen Farrell" <stephen.farrell at cs.tcd.ie>; "Jeff Macdonald"
> >And can't the threats document (& later, whatever relevant spec) not
> >just say "don't do that" and thus avoid the problem?
> The DKIM draft mentions:
> "Under no circumstances should an unsigned header field be displayed
> in any context that might be construed by the end user as having been
> It could be extended further:
> The "From:" header should not be signed if it contains more than one
> sending address.
This is logic that software can use. It doesn't have to sign the From: under
Hector Santos, Santronics Software, Inc.
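
The rule SM proposes above, written as a signer-side check. This is an added example, not code from the thread or from any DKIM implementation; the function names, the default header list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not taken from the thread).
SINGLE = (
    'From: "Doe, Jane" <jane@example.com>\r\n'
    "To: list@example.org\r\n"
    "Subject: one author\r\n\r\nbody\r\n"
)
MULTI = (
    "From: Jane <jane@example.com>, Bob <bob@example.net>\r\n"
    "To: list@example.org\r\n"
    "Subject: two authors\r\n\r\nbody\r\n"
)
REPEATED = (
    "From: jane@example.com\r\n"
    "From: bob@example.net\r\n"
    "Subject: two From fields\r\n\r\nbody\r\n"
)


def from_mailboxes(raw):
    """Return every address found in all From: fields of a raw message."""
    msg = message_from_string(raw)
    fields = msg.get_all("From", [])
    # getaddresses() honours quoted display names, so the comma in
    # "Doe, Jane" is not mistaken for a second mailbox.
    return [addr for _name, addr in getaddresses(fields) if addr]


def headers_to_sign(raw, wanted=("from", "to", "subject", "date")):
    """Apply the proposed rule: drop From: unless it names exactly one sender.

    The `wanted` default is a hypothetical signer configuration.
    """
    msg = message_from_string(raw)
    present = [h for h in wanted if msg.get(h) is not None]
    # Repeated From: fields are counted together with comma-separated lists.
    if len(from_mailboxes(raw)) != 1:
        present = [h for h in present if h != "from"]
    return present
```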