[ietf-dkim] Re: Role of Sender header as signing domain
Eliot Lear
lear at cisco.com
Wed Nov 29 10:52:17 PST 2006
Damon wrote:
> +1
>
> Damon Sauer
>
> On 11/29/06, Douglas Otis <dotis at mail-abuse.org> wrote:
>>
>> On Nov 29, 2006, at 3:42 AM, Eliot Lear wrote:
>>
>> > Charles Lindsey wrote:
>> >>
>> >> I utterly fail to see why what is displayed to the user is of the
>> >> least relevance.
>> >
>> > Because it's very possible UAs will indicate whether a message is
>> > signed or not. This is already done with various plugins.
>>
>> The same plug-ins can also verify an associative policy regarding
>> other headers as well. Being signed might be for entities found in
>> the 2822.From, the 2822.Sender, or for the 2821.MailFrom (to help
>> ensure DSNs).
First of all, we are now talking about that which is not there, a signed
2821.MailFrom, and we are discussing base, which this group is finished
with. So, it seems to me that we have really veered from the topic of a
sender header.
>> Annotation of a message being signed by itself is of
>> little value. Being "signed" and "recognized" is what is important
>> when the desire is to curtail spoofing.
Sure. And when we get there life will be peaches and cream. But we
need to transition to that point, and end users should be able to
benefit from DKIM + the good work that people like Paul Hoffman are
doing, so that SPs themselves don't become a bottleneck to deployment.
Eliot
More information about the ietf-dkim
mailing list