On Thu, Jul 13, 2006 at 04:00:18PM -0400, Eric Allman allegedly wrote:
I've heard some discussion the last couple of days that we should
drop the MUST for signing originator headers and Resent-* blocks,
since this isn't an interoperability issue (but is perhaps a
usefulness issue). This is, in some sense, dictating policy instead
of being confined to mechanism, which we've been assiduously
avoiding. Viewed that way, it seems inappropriate to have this
requirement.
Of course, a verifier would be completely within reason to ignore
signatures that didn't sign the From header, but that's up to them.
If we can get a very quick consensus I can get this into base-04
(which is going to be submitted today come hell or high water --- oh
wait, that was Dallas). It seems consistent with the other changes
we've been making, which is why I have some small hope we can get
this through in just a couple of hours.
+1 Mechanism vs policy is a good argument. As you say, let the
receiver apply their policy as they see fit.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html