Stephen Farrell wrote:
don't we currently have a requirement in 5.3 that says:
9. [PROVISIONAL] A signature that is not on behalf of the
RFC2822.From MUST NOT be construed as suspicious for the
purposes of The Protocol.
In the draft I read 5.3 (9) is completely different. Which
version are you looking at ? The "requirements-00" apparently
did not make it yet to the tools server and the DKIM page, to
the tracker, or the "official" drafts directory.
The copy I read has date 2006-08-08, and in that version the
word "suspicious" appears only in section 6.1.
If that were to gain consensus (as I believe it ought, at
least since the alternative makes no cryptographic sense to
me) then would there still be a problem with Resent-* cases?
No more problem with any always-signed-Resent-cases. But that
eliminates 5.5 in the DSAP draft with a MUST NOT.
NOTE WELL: This list operates according to