Michael Thomas wrote:
Dave Crocker wrote:
On reviewing the working group archive, I have not succeeded in finding
any discussion either of changing the SSP paradigm to apply to signed
message or of the problematic selection of the rfc2822.From field, rather
than rfc2822.Sender field domain.
I recall making a point a number of times in the working group, verifying
that the group agreed that SSP applied (only) to unsigned messages.
RFC 5016, section 5.3 requirement #1:
1. SSP MUST be able to make practices and expectation assertions about the
domain part of a [RFC 2822].From address in the context of DKIM. SSP will
not make assertions about other addresses for DKIM at this time.
Refs: Problem Scenarios 1 and 2, Sections 3.1 and 3.2.
I just checked and this requirement has been in the requirements since the
very first draft. If you objected, it apparently didn't get much consensus.
That relates to using .From. How does it related to the application of SSP
for signed messages, and where is the indication that this implication was
understood by the community?
NOTE WELL: This list operates according to