Alessandro Vesely <vesely(_at_)tana(_dot_)it> writes:
I beg to differ. To adjust the signature scheme so that it works in the
face of resending is plan A. The From: field is set by the author's MUA
and checked by the MSA.[1] Leaving it unaltered is a privilege that
resenders need to earn by enforcing MSA-equivalent checks. WSJ article
sending is an example where From: ought to be changed, while gmail and
MLs can keep it unaltered.
Ah, yes, that scheme also works, as long as you can change the verifiers
to support this new scheme. And would definitely be an improvement over
rewriting the From header.
It is a technical challenge to define authentication correctly, but we
should not modify the semantics in order to meet the constraints.
Wholeheartedly agreed.
--
Russ Allbery (eagle(_at_)eyrie(_dot_)org)
<http://www.eyrie.org/~eagle/>
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822