ietf-dkim

Re: [ietf-dkim] Issue: which headers should we REQUIRE to be signed?

2006-07-13 15:09:31
On Thursday 13 July 2006 17:17, Hector Santos wrote:
----- Original Message -----
From: "Barry Leiba" <leiba(_at_)watson(_dot_)ibm(_dot_)com>

As chair, I see a growing consensus to do it that way.  Let's try to
resolve this issue tout de suite, and move on.  I'd like to hear from
people who think we should have some headers as "MUST sign".  I'd like
to hear from those who agree with Mark and Mike, that we should not have
any with "MUST".

What say you?

See my last message to Eric:

http://mipassoc.org/pipermail/ietf-dkim/2006q3/004249.html

I vote for a minimum requirement and expectation that is part of the
fundamental email infrastructure.  In regards to DKIM, that should be the
FROM:  (If I had my choice, I would suggest the DATE: too just to be
consistent with RFC 2822 minimum requirements).

However, I say this from a Domain Signature Authorization point of view
which, as you know, I am a strong advocate of.  It can be "adjustable" if
the domain policy says it's OK.  But I believe this will complicate policy
concepts so I vote for a minimum requirement.

I think that a requirement to sign RFC 2822 required identity header fields 
(From and Sender if present) makes a lot of sense.  I expect that if we don't 
make this a requirement in Base, then in operations, receivers will pay 
little attention to signatures that don't include them.  So, if we fail to 
include that requirement, I think we are doing people a disservice.

I am (no surprise) against any requirement to sign resent-*.  They aren't 
identity fields in the same way that From and Sender are.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
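
The header-coverage question debated in this thread, as an added example that is not part of the original messages: a receiver-side audit of whether each DKIM-Signature's `h=` tag lists the From and Sender fields that are present in the message. The sample message, its domains and the function names are constructed for illustration, and the code checks `h=` coverage only, not the signature itself.

```python
import email
from email import policy

# Identity fields the reply argues should always be signed (Sender only if present).
IDENTITY_FIELDS = ("from", "sender")

# Constructed sample message: two signatures with different h= coverage.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=From:To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=list.example.net; s=sel2;\n"
    " h=Subject:Date:Message-ID; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Alice <alice@example.com>\n"
    "Sender: relay@example.com\n"
    "To: bob@example.org\n"
    "Subject: test\n"
    "Date: Thu, 13 Jul 2006 15:09:31 -0400\n"
    "\n"
    "body\n"
)

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Remove folding whitespace inside the value (e.g. a wrapped h= list).
            tags[name.strip()] = "".join(val.split())
    return tags

def unsigned_identity_fields(raw_message):
    """Return (signing domain, identity fields present but not in h=) per signature."""
    msg = email.message_from_string(raw_message, policy=policy.compat32)
    present = [f for f in IDENTITY_FIELDS if msg.get(f) is not None]
    report = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(sig)
        # Header field names are case-insensitive, so compare in lower case.
        signed = {h.lower() for h in tags.get("h", "").split(":") if h}
        missing = [f for f in present if f not in signed]
        report.append((tags.get("d", ""), missing))
    return report

if __name__ == "__main__":
    for domain, missing in unsigned_identity_fields(SAMPLE):
        status = "covers identity fields" if not missing else "does not sign: " + ", ".join(missing)
        print(f"d={domain}: {status}")
```

A receiver could use a report like this to discount signatures that leave From or Sender unsigned, which is the operational behaviour the reply anticipates.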