[ietf-dkim] SSP security relies upon the visual domain appearance
Dave Crocker
dhc at dcrocker.net
Tue Nov 22 11:28:43 PST 2005
Folks,

> The DKIM draft mentions:
>
> "Under no circumstances should an unsigned header field be displayed
> in any context that might be construed by the end user as having been
> signed."
>
> It could be extended further:
>
> The "From:" header should not be signed if it contains more than one
> sending address.

An alternative, for the core document, is merely to note that display of
identity-related fields is a highly sensitive aspect of application
usability and that consideration of the design issues affecting it is
outside the scope of this specification.

Having the core document give ANY normative guidance on user interface
design and cognitive processing concerns -- note the draft text says
"should" -- or for that matter any guidance at all is not going to help the
focus or utility of the document's main purpose.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>