ietf-dkim

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-22 12:32:43
Folks,

The DKIM draft mentions:

  "Under no circumstances should an unsigned header field be displayed
   in any context that might be construed by the end user as having been
   signed."

It could be extended further:

The "From:" header should not be signed if it contains more than one sending address.

An alternative, for the core document, is merely to note that display of identity-related fields is a highly sensitive aspect of application usability and that consideration of the design issues affecting it is outside the scope of this specification.

Having the core document give ANY normative guidance on user interface design and cognitive processing concerns -- note the draft text says "should" -- or for that matter any guidance at all is not going to help the focus or utility of the document's main purpose.

d/

--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org
