On Wed, Jul 12, 2006 at 08:48:21PM -0700, william(at)elan.net allegedly wrote:
On Wed, 12 Jul 2006, Eric Allman wrote:
For the same reason From: has to be signed --- they represent the [fill in
blank with your favorite word: author, originator, whatever] of the
message. I suppose we can legitimately ask why From: MUST be signed
though. In terms of interoperability it is not required, but in terms of
being useful it seems like it is.
So if message has Resent-From field would SSP check be done against From
or Resent-From or both?
Gosh. What a can of worms. Is SSP consulted on a verified signature?
If not, then how can SSP play into these headers?
NOTE WELL: This list operates according to