----- Original Message -----
From: "SM" <sm(_at_)resistor(_dot_)net>
To: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>; "Jeff
And can't the threats document (& later, whatever relevant spec) not
just say "don't do that" and thus avoid the problem?
The DKIM draft mentions:
"Under no circumstances should an unsigned header field be displayed
in any context that might be construed by the end user as having been
It could be extended further:
The "From:" header should not be signed if it contains more than one
This is logic that software can use. It doesn't have to sign the From: under
Hector Santos, Santronics Software, Inc.
ietf-dkim mailing list