ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] RFC2822.Sender

2006-08-09 20:39:50
On Wed, Aug 09, 2006 at 10:30:21PM -0400, Tony Hansen allegedly wrote:
Stephen Farrell wrote:

Michael Thomas wrote:
Tony Hansen wrote:
add RFC2822.Sender
 
I'm not the chair, but I've seen considerably less consensus about 
anything other than rfc2822.from. I'm frankly not sure I understand
it very well.

I know I don't understand it!

Maybe a more detailed use-case would help? (Tony?)

I want to make certain that what we're building with policies doesn't
prevent eCard senders or News agencies from doing what they currently
do. They should be able to 1) send a message to someone on my behalf
while 2) marking themselves as the sender and 3) being able to sign the
message. According to 2822, this minimally requires support for
RFC2822.Sender as well as RFC2822.From.

Why does DKIM need to support these directly? They can continue to
send like this just fine and rely on their domain reputation or the
good graces of receivers.

Better yet, eCard senders could put their own From: address in and put
your email in the content:

        From: bulk(_at_)hallmark(_dot_)com

        Howdy. mailto:tony(_at_)att(_dot_)com allegedly sent this card to
        your for your birthday...

It seems bizarre to me that we want to explicitly allow an
unauthenticated 2822.From to be treated as authenticated.

One option: att.com could advertise that hallmark.com can put @att.com
in the 2822.From: and have it authenticated via hallmark.com. Is that
what you're asking for?



Mark.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html