[ietf-dkim] SSP security relies upon the visual domain appearance
Dave Crocker
dhc at dcrocker.net
Fri Nov 18 08:20:15 PST 2005
>>> The "From:" header should not be signed if it contains more than one
>>> sending address. ...
>
>> Does anyone see such a statement as causing a problem?
>
> I see it as needless and futile micromanagement. The point of a DKIM
> signature is that the signer is taking responsibility for the message.
...
> But for the basic DKIM, a signer can sign anything he's
> willing to, and please leave it at that.
A small lesson from this exchange is to note both that this indicates that
we understand doing SSP work far less than we understand doing basic signing
work, and that coupling the two in our work could actually hurt the
technical aspects of the base mechanism, not just delay it.
d/
ps. there was a suggestion to have the 'do not sign an rfc2822.From that has
multiple addresses' directive me in the threat analysis document. i would
think that the ta document should not have normative specifications.
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
More information about the ietf-dkim
mailing list