
Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-17 11:31:31
On August 17, 2005 at 12:05, Keith Moore wrote:

> Look, it's not acceptable for DKIM to change the semantics of From.
> From can contain multiple addresses, From can contain an address other
> than that of the Originator, and if a Sender field is present From has
> no implied relationship with the party that originated the message.
> These semantics are well-established and have been in use for around 25
> years.

Multiple addresses in From is a good point, and DKIM does not address
this.  It can complicate SSP logic.

As for the role of the various header fields, it may help to
review the relevant RFCs, mainly RFC-2822:

   The originator fields indicate the mailbox(es) of the source of the
   message.  The "From:" field specifies the author(s) of the message,
   that is, the mailbox(es) of the person(s) or system(s) responsible
   for the writing of the message.  The "Sender:" field specifies the
   mailbox of the agent responsible for the actual transmission of the
   message.  For example, if a secretary were to send a message for
   another person, the mailbox of the secretary would appear in the
   "Sender:" field and the mailbox of the actual author would appear in
   the "From:" field.  If the originator of the message can be indicated
   by a single mailbox and the author and transmitter are identical, the
   "Sender:" field SHOULD NOT be used.  Otherwise, both fields SHOULD
   appear.

   The originator fields also provide the information required when
   replying to a message.  When the "Reply-To:" field is present, it
   indicates the mailbox(es) to which the author of the message suggests
   that replies be sent.  In the absence of the "Reply-To:" field,
   replies SHOULD by default be sent to the mailbox(es) specified in the
   "From:" field unless otherwise specified by the person composing the
   reply.

   In all cases, the "From:" field SHOULD NOT contain any mailbox that
   does not belong to the author(s) of the message.  See also section
   3.6.3 for more information on forming the destination addresses for a
   reply.

Now, if the above reflects reality...

> If you want to define a way for DKIM to say "the party who sent this
> message has permission to make statements on behalf of these From
> addresses" that's all well and good.  What's not appropriate is to
> define DKIM in such a way as to wire in an assumption that From is
> always the party who originated the message.

Rfc2822.From is part of the set of originating fields, and according
to RFC-2822, it signifies the mailbox(es) responsible for authoring
the message.

Will you elaborate more on your view of "origination" so I can
understand better what you are saying, especially as it applies
to RFC-2822?

Thanks,

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org
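The RFC 2822 originator-field rules quoted in the message above (From: names the authors, Sender: the transmitting agent, Reply-To: the reply target) applied to a header block, as an added example that is not part of the original post or of any DKIM implementation. It uses only Python's standard email library and a constructed sample message, and flags the two cases the thread says complicate SSP logic: several From: mailboxes, and a Sender: outside every author's domain.

```python
from email import message_from_string
from email.utils import getaddresses


def originator_roles(raw_message: str) -> dict:
    """Apply the RFC 2822 originator-field semantics to a raw message.

    Returns the author mailboxes (From:), the transmitting agent
    (Sender: if present, else the single From: mailbox), the default
    reply target (Reply-To: if present, else From:), plus two flags a
    verifier that keys policy on From: would have to handle.
    """
    msg = message_from_string(raw_message)
    authors = [addr for _, addr in getaddresses(msg.get_all("From", []))]
    senders = [addr for _, addr in getaddresses(msg.get_all("Sender", []))]
    reply_to = [addr for _, addr in getaddresses(msg.get_all("Reply-To", []))]

    if senders:
        transmitter = senders[0]
    elif len(authors) == 1:
        transmitter = authors[0]  # author and transmitter are identical
    else:
        transmitter = None  # RFC 2822 says Sender: SHOULD appear here

    author_domains = {a.rsplit("@", 1)[-1].lower() for a in authors}
    sender_domain = transmitter.rsplit("@", 1)[-1].lower() if transmitter else None

    return {
        "authors": authors,
        "transmitter": transmitter,
        "reply_target": reply_to or authors,
        "multiple_authors": len(authors) > 1,
        "sender_outside_author_domains": (
            sender_domain is not None and sender_domain not in author_domains
        ),
    }


# Constructed sample (hypothetical addresses): a secretary at a third
# domain transmits a message written by two co-authors.
SAMPLE = """\
From: Alice <alice@example.org>, Bob <bob@example.net>
Sender: Secretary <sec@example.com>
Reply-To: authors@example.org
Subject: draft

body
"""

if __name__ == "__main__":
    print(originator_roles(SAMPLE))
```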