Keith Moore wrote:
c. Message was authored by A but signed by someone else. Show the
From
field but also show a highlighted alert that says "This message claims
to be written by A but was signed by B".
You just lost My Mother, I think. Well, at least you lost
me because I have no idea how I ought to behave in its
presense.
it's worth exploring, I think.
a) What would you do if you got a snail mail that purported to be
from George Bush but for which the signature at the bottom read Rush
Limbaugh?
Wonder whether anybody's seen Karl Rove and Rush Limbaugh in the
same room at the same time?
b) What would you do if you got a snail mail that purported to be
from president(_at_)whitehouse(_dot_)gov but for which the signature at the
bottom read george(_dot_)bush(_at_)whitehouse(_dot_)gov?
Demand a recount?
i.e. is it ever reasonable for the From address to be a "role"
address and the actual signature be by an individual? and if it is,
is the signature meaningful? would it be meaningful if you had an
established relationship with that person and knew that was his email
address? what if you didn't?
would it make more sense to say that the "role" address should sign
the message? what about when different people are authorized to fill
a role? wouldn't you want to know specifically who signed it?
would it make sense to forbid "role" addresses in From fields? OTOH,
they're useful.
I dunno, here I guess I'm willing to believe that carbon based units can
sort this sort of thing out. Going too far into local part semantics seems
if nothing else to pull us way away from the goal of having something
easily deployable. The DKIM signature is, IMO, intentionlly fuzzy about
how much you should trust the local part because it's wound up in how
much you trust the domain doing the signing in the first place,. That trust
is the subject of another piece of work which I believe can build on
DKIM's more modest goal.
Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org