ietf-822
[Top] [All Lists]

Re: Use of Sender in authentication considered unacceptable (was Re: draft-lilly-from-optional-01.txt)

2005-02-26 07:57:56

If you want a viable authentication proposal, you need to define a new
field which will have a well-established meaning, not try to borrow some
existing field which has either a different meaning (From) or some
existing field which has no consistent use in practice (Sender).

I agree that we don't see a consistent use of the Sender field in practice. If the agent responsible for the transmission of the message makes proper use of the Sender field, I don't see why we should redefine a new field when there is already a field which was set out for that purpose.

because in practice Sender is almost never used properly, and use of Sender is so varied that the recipient cannot tell what is meant by it.

for example: mailing lists should almost never set Sender, because it obscures who actually sent the message, and this is of interest to list recipients. (there are exceptions: it's reasonable for digests to set Sender to point to the mailing list. similarly for lists that deliberately try to hide the actual addresses of the correspondents)

Keith