[mail-vet-discuss] "Sender" vs. "Signer"
Murray S. Kucherawy
msk at sendmail.com
Tue Aug 14 16:39:52 PDT 2007
SM wrote:
>
>>> In Section 3, it is stated that:
>>>
>>> "An MTA compliant with this specification MUST add this header field
>>> (after performing one or more sender authentication tests)"
>>>
>>> I assume that you mean the sending mailbox was authenticated. If
>>> so, that would not cover DKIM where a signing domain claims
>>> responsibility.
>> I guess we're running into a blurring between "sender" and "signer".
>> Is this a major point of concern? Or is it sufficient simply to
>> define my use of "sender" to include the "signer" case, perhaps
>> citing DKIM as an example?
>
> It may be a point someone would raise during the last call. Defining
> sender to include the "signer" case of DKIM is not the right approach
> in my opinion. If authentication tests is used instead of sender
> authentication tests, it would encompass the signer case.
It's kind of a major rewrite, including even the filename and title of
this document, to change it all from "sender authentication" to "message
authentication" or something like that. Is that really necessary? Or
is there perhaps a definition for "sender" we can give near the top of
the document explaining that we're referring to the agent asserting
authenticity/ownership of the message?
What do others think?
-MSK
More information about the mail-vet-discuss
mailing list