Tony Hansen wrote:
Dave Crocker wrote:
Alas, it was pointed out to me that SSP does indeed have a requirement for a
lookup even when the message is signed. This is when there is so-called
third-party signing. (I believe this means when the domain in the
rfc2822.From
does not make the DKIM d= domain.)
I would at a minimum include rfc2822.Sender in this check: third part
signing is when the DKIM d= domain is not equal to either the
rfc2822.From's domain nor the rfc2822.Sender's domain.
Tony, et al,
Switching back to the 'requirements' suggestion I have been making:
I would like to see a scenario described that explains exactly what problem
needs to be detected and why it is a compelling, immediate requirement.
I would like to see the description done in a way tht talks about particular
individuals and organizations, without referring to particular protocol units.
In other words, I'd like to see the non-technical description of the requirement
and its rationale, before it gets translated into the technical details, such as
citing particular header fields.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html