The "From:" header should not be signed if it contains more than one
sending address. ...
Does anyone see such a statement as causing a problem?
I see it as needless and futile micromanagement. The point of a DKIM
signature is that the signer is taking responsibility for the message.
But for the basic DKIM, a signer can sign anything he's
willing to, and please leave it at that.
A small lesson from this exchange is to note both that this indicates that
we understand doing SSP work far less than we understand doing basic signing
work, and that coupling the two in our work could actually hurt the
technical aspects of the base mechanism, not just delay it.
ps. there was a suggestion to have the 'do not sign an rfc2822.From that has
multiple addresses' directive me in the threat analysis document. i would
think that the ta document should not have normative specifications.
ietf-dkim mailing list