[ietf-dkim] multi-From (was: SSP security relies upon the visual domain

ietf-dkim

[ietf-dkim] multi-From (was: SSP security relies upon the visual domain appearance)

2005-11-18 08:05:46

Stephen Farrell wrote:

The "From:" header should not be signed if it contains more
than one sending address.

Exactly. Or whatever the correct variant might be e.g. I
think I'd prefer "don't sign at all if there's >1 From
address" so that we have fewer chances for verifier
misinterpretation, but that might be my security-and-not-
email heritage coming to the fore.

Does anyone see such a statement as causing a problem?


No.  But why not return to the old approach, with more than
one From-address there MUST be a Sender, so just take this.

Yeah, in theory mailing-lists might do strange things with
an existing Sender.  OTOH that's just broken, they could
use Errors-To (or if they want to support PRA Resent-Sender).

Above all I've _never_ seen mails with more than one From-
address, not one.  And for news it's also extremely rare.

Whatever that problem is, it's no showstopper.  Bye, Frank


_______________________________________________
ietf-dkim mailing list
http://dkim.org

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] SSP security relies upon the visual domain appearance, (continued) Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Jeff Macdonald Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Stephen Farrell Re: [ietf-dkim] SSP security relies upon the visual domain appearance, SM Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Hector Santos Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Douglas Otis Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Stephen Farrell Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Douglas Otis Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Stephen Farrell Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Arvel Hathcock Re: [ietf-dkim] SSP security relies upon the visual domain appearance, John Levine [ietf-dkim] multi-From (was: SSP security relies upon the visual domain appearance), Frank Ellermann <= Re: [ietf-dkim] SSP security relies upon the visual domain appearance, John Levine Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Dave Crocker Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Stephen Farrell Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Michael Thomas Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Hector Santos Re: [ietf-dkim] SSP security relies upon the visual domain appearance, John R Levine Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Dave Crocker Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Douglas Otis Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Dave Crocker Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Hector Santos

Previous by Date:	Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Stephen Farrell
Next by Date:	Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Michael Thomas
Previous by Thread:	Re: [ietf-dkim] SSP security relies upon the visual domain appearance, John Levine
Next by Thread:	Re: [ietf-dkim] SSP security relies upon the visual domain appearance, John Levine
Indexes:	[Date] [Thread] [Top] [All Lists]