On Thursday 13 July 2006 18:09, Dave Crocker wrote:
> Scott Kitterman wrote:
>> I think that a requirement to sign RFC 2822 required identity header
>> fields (From and Sender if present) makes a lot of sense. I expect that
>> if we don't make this a requirement in Base, then in operations,
>> receivers will pay little attention to signatures that don't include
>> them.
>
> The critical language in your note is "I expect that". The entire point
> about distinguishing mechanism from policy is that the latter is subject to
> learning and preference. Although your expectation might be right, it
> might not. Either way, it does not affect the technical mechanism for
> creating a signature and validating it.
>
> What it DOES affect is the UTILITY of that signature. But lots of things
> affect that utility. That's the stuff of policy work.

I think Sender is arguable and I don't care much either way.
Since From is mandated by RFC 822/2822 then I think a MUST sign since it MUST
be present is entirely appropriate independent of any policy work. It's a
mandatory part of the message body.
Is there some benefit to be derived from not signing From?
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
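
The receiver-side check this exchange turns on, as an added example that is not part of the original messages: it reads the `h=` tag of each DKIM-Signature header field and reports which identity fields (From, and Sender if present) the signature does not cover. The function names and the sample message are constructed for illustration, and the code inspects header coverage only; it does not verify the signature itself.

```python
import email
from email import policy


def signed_header_fields(sig_value):
    """Return the lower-cased field names listed in the h= tag of a DKIM-Signature value."""
    tags = {}
    for item in sig_value.split(";"):
        if "=" in item:
            name, _, value = item.partition("=")
            # Folding whitespace may appear inside a tag value, so drop it all.
            tags[name.strip()] = "".join(value.split())
    return [f.lower() for f in tags.get("h", "").split(":") if f]


def unsigned_identity_fields(raw_message):
    """For each DKIM-Signature, list the identity fields missing from its h= tag."""
    msg = email.message_from_string(raw_message, policy=policy.compat32)
    # From is always required; Sender only counts when the message carries one.
    required = ["from"] + (["sender"] if msg.get("Sender") is not None else [])
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        covered = signed_header_fields(sig)
        results.append([f for f in required if f not in covered])
    return results


# Constructed sample: the first signature omits the identity fields, the second
# covers them. bh= and b= hold placeholders, not real hash or signature data.
SAMPLE = (
    "DKIM-Signature: d=example.org; s=sel1;\n"
    "\th=To:Subject:\n"
    "\t Date; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "DKIM-Signature: d=example.org; s=sel2;\n"
    "\th=From:Sender:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Author <author@example.org>\n"
    "Sender: Secretary <secretary@example.org>\n"
    "To: reader@example.net\n"
    "Subject: constructed test message\n"
    "\n"
    "Body text.\n"
)

if __name__ == "__main__":
    for n, missing in enumerate(unsigned_identity_fields(SAMPLE), 1):
        print(f"signature {n}: unsigned identity fields = {missing or 'none'}")
```

A receiver that treats the first signature as less useful is applying policy in Dave Crocker's sense; a verifier that rejects it outright is enforcing the MUST that Scott Kitterman proposes.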