ietf-dkim

Re: [ietf-dkim] Issue: which headers should we REQUIRE to be signed?

2006-07-13 15:19:45


Scott Kitterman wrote:
> I think that a requirement to sign RFC 2822 required identity header fields
> (From and Sender if present) makes a lot of sense.  I expect that if we don't
> make this a requirement in Base, then in operations, receivers will pay
> little attention to signatures that don't include them.

The critical language in your note is "I expect that".  The entire point about
distinguishing mechanism from policy is that the latter is subject to learning
and preference.  Although your expectation might be right, it might not.  Either
way, it does not affect the technical mechanism for creating a signature and
validating it.

What it DOES affect is the UTILITY of that signature.  But lots of things affect
that utility.  That's the stuff of policy work.

d/
-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
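
The mechanism/policy split discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: a receiver-side check that takes the cryptographic verification result as given and separately decides whether the signature's `h=` tag covers From, and Sender if present. The function names, the `crypto_ok` input and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; bh= and b= are placeholders, not real signature data.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;
 h=To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@example.com
Sender: list-owner@example.com
To: bob@example.net
Subject: hello
Date: Mon, 01 Jan 2024 00:00:00 +0000

body
"""

def signed_headers(sig_value):
    """Return the lowercased header field names listed in the h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace is allowed inside tag values; drop it.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return [h.lower() for h in tags.get("h", "").split(":") if h]

def identity_policy(raw_message, crypto_ok):
    """Local policy layered on top of the verifier's result.

    crypto_ok is assumed to come from a real DKIM verifier (mechanism);
    this function only decides how useful that valid signature is (policy).
    """
    msg = message_from_string(raw_message)
    sig = msg.get("DKIM-Signature")
    if sig is None or not crypto_ok:
        return "no-valid-signature"
    covered = set(signed_headers(sig))
    # From always; Sender only if the message carries one.
    wanted = ["from"] + (["sender"] if msg.get("Sender") is not None else [])
    missing = [h for h in wanted if h not in covered]
    return "accept" if not missing else "valid-but-missing:" + ",".join(missing)
```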