Stephen Farrell wrote:
The "From:" header should not be signed if it contains more
than one sending address.
Exactly. Or whatever the correct variant might be e.g. I
think I'd prefer "don't sign at all if there's >1 From
address" so that we have fewer chances for verifier
misinterpretation, but that might be my security-and-not-
email heritage coming to the fore.
Does anyone see such a statement as causing a problem?
No. But why not return to the old approach, with more than
one From-address there MUST be a Sender, so just take this.
Yeah, in theory mailing-lists might do strange things with
an existing Sender. OTOH that's just broken, they could
use Errors-To (or if they want to support PRA Resent-Sender).
Above all I've _never_ seen mails with more than one From-
address, not one. And for news it's also extremely rare.
Whatever that problem is, it's no showstopper. Bye, Frank
ietf-dkim mailing list