----- Original Message -----
From: "SM" <sm(_at_)resistor(_dot_)net>
To: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>; "Jeff
Macdonald"
And can't the threats document (& later, whatever relevant spec) not
just say "don't do that" and thus avoid the problem?
The DKIM draft mentions:
"Under no circumstances should an unsigned header field be displayed
in any context that might be construed by the end user as having been
signed."
It could be extended further:
The "From:" header should not be signed if it contains more than one
sending address.
Excellent point!!!!
This is logic that software can use. It doesn't have to sign the From: under
special situations.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org