Ah. I need to restate the question a bit. Sorry.
What I was asking was whether the following would be a good
or bad idea.
- Define some (few, simple) rules for when messages MUST NOT be
DKIM-signed (e.g. those that contain >1 From address)
- When a signer is presented with such a message, it doesn't sign
it, or forward it, but bounces/deletes it (whatever the right
mail thing to do is).
If that were reasonable (and I don't claim to know), then our
threat analysis could result in us defining some such rules in
order to counter some of the vulnerabilities we consider.
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
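
A sketch of the pre-signing gate proposed in the message above, added here as an illustration; it is not part of the original post or of any DKIM implementation. The function name `presign_decision`, the treatment of a missing From as a refusal, and the sample messages are assumptions made for the example.

```python
from email import message_from_string
from email.utils import getaddresses


def presign_decision(raw: str) -> tuple[str, str]:
    """Return ("sign" | "refuse", reason) for a raw RFC 5322 message.

    "refuse" means the signer neither signs nor forwards; whether the
    message is then bounced or deleted is left to the caller.
    """
    msg = message_from_string(raw)  # compat32 policy keeps duplicate headers
    from_fields = msg.get_all("From", [])

    # Case 1: the From header field itself is repeated.
    if len(from_fields) > 1:
        return "refuse", f"{len(from_fields)} From header fields"
    # Assumption (not in the post): a message with no From is also refused.
    if not from_fields:
        return "refuse", "no From header field"

    # Case 2: one From header field carrying several mailboxes.
    # Unparseable values yield no usable address and are refused too.
    addrs = [addr for _name, addr in getaddresses(from_fields) if addr]
    if len(addrs) != 1:
        return "refuse", f"{len(addrs)} addresses in From"
    return "sign", "single From address"


# Constructed sample messages (not taken from any real traffic).
SINGLE = "From: Alice <alice@example.org>\nTo: bob@example.net\nSubject: a\n\nhi\n"
TWO_ADDRS = (
    "From: Alice <alice@example.org>, Mallory <mallory@example.com>\n"
    "Sender: alice@example.org\nTo: bob@example.net\nSubject: b\n\nhi\n"
)
TWO_FIELDS = (
    "From: Alice <alice@example.org>\n"
    "From: Mallory <mallory@example.com>\n"
    "To: bob@example.net\nSubject: c\n\nhi\n"
)

if __name__ == "__main__":
    for label, raw in [("single", SINGLE), ("two addrs", TWO_ADDRS),
                       ("two fields", TWO_FIELDS)]:
        print(label, presign_decision(raw))
```

The two refusal cases are kept separate because a verifier or mail client may pick a different From field, or a different mailbox within one field, than the signer did.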