ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] drop requirement to sign "From" or other "originator" headers?

2006-07-13 13:21:12

On Jul 13, 2006, at 4:00 PM, Eric Allman wrote:

I've heard some discussion the last couple of days that we should drop the MUST for signing originator headers and Resent-* blocks, since this isn't an interoperability issue (but is perhaps a usefulness issue). This is, in some sense, dictating policy instead of being confined to mechanism, which we've been assiduously avoiding. Viewed that way, it seems inappropriate to have this requirement.

Of course, a verifier would be completely within reason to ignore signatures that didn't sign the From header, but that's up to them.

If we can get a very quick consensus I can get this into base-04 (which is going to be submitted today come hell or high water --- oh wait, that was Dallas). It seems consistent with the other changes we've been making, which is why I have some small hope we can get this through in just a couple of hours.

Thoughts?

I agree with making this change. These are considerations better handled elsewhere.

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html