On Fri, 2005-11-18 at 08:57 +0000, Stephen Farrell wrote:
> > The "From:" header should not be signed if it contains more than one
> > sending address.
>
> Exactly. Or whatever the correct variant might be e.g. I think
> I'd prefer "don't sign at all if there's >1 From address" so that
> we have fewer chances for verifier misinterpretation, but that
> might be my security-and-not-email heritage coming to the fore.
>
> Does anyone see such a statement as causing a problem? I could
> imagine that moving from signing anything, to only signing some
> mail messages might be either a good or a bad idea.

Including the From header field within the signature hash makes a great
deal of sense. Not including it does not. The problem was dealing with
the effects of the _only_ policy (o=!) that prevents spoofing. This
policy does not allow not signing. Half measures are thwarted by
mechanisms that hold the email-address accountable. Any exception
becomes the mode that spammers will use.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org