On 04/06/2011 10:53 AM, Murray S. Kucherawy wrote:
Having cross semantic correlation of what headers mean with the
presence of dkim signatures from various different signers seems
like a lot more of layer violation to me.
That a DKIM hash covers a header field doesn't assign any new meaning to the
field. It only guarantees its integrity.
But that's the basic problem with the approach that Steve
laid out: we don't enforce any semantics about why a signer
signs something. Doing so would open a large can of worms.
Limiting new additions to the dkim header itself at least
would limit the problem of adding new semantics of a
signature header to exactly the entity doing the signing.
The alternative would be very squirrelly when you think
of the general case of multiple signers in the path.
NOTE WELL: This list operates according to