Dave Crocker wrote:
This is completely confusing me. The signing entity is what it is, but
entity may want to assert that there is a binding between the signature
id and one
or more of the outer addresses such as From or Sender. This binding
was removed from the -base draft and was intended to be put into the
If a mailing list signs a message and does
not change the FROM this is automatically a "3rd party" signing situation.
this is probably worth clarifying:
it is 'third party signing' if one is attempting to do an assessment based on
the From field, rather than based on the signing field.
if the signing identity is assessed directly then what matters is the assessment
of that identity, not whether it has "permission" from the From field identity.
but we ran out of time. So it seems to me that there are three cases:
1) the signing identity has no relationship at all to any of the outer
2) the signing identity has a relationship with a non-From outside address
3) the signing identity has a relationship with the From address
"Third party" is probably imprecise since it could mean 1, 2 or both. I
impression that what people are talking about here is (2) though, but I'm