Frank Ellermann wrote:
Hector Santos wrote:
Hope this provide some insight.
Yes. Following your pseudo-code I get "surprising" FAILs for
the Resent-* cases:
A signed mail with "strict" SSP is Resent-From Jou User. The
included original signature is valid, everxything works, UNLESS
Joe's mail service provider signs all outgoing mails. Then the
resent mail would have two signatures, one by Joe's provider,
and that second signature FAILs for a "strict" SSP.
But don't we currently have a requirement in 5.3 that says:
9. [PROVISIONAL] A signature that is not on behalf of the
RFC2822.From MUST NOT be construed as suspicious for the
purposes of The Protocol.
If that were to gain consensus (as I believe it ought, at least
since the alternative makes no cryptographic sense to me) then
would there still be a problem with Resent-* cases? If so, what
problem?
If the problem is just the pseudo-code then that can be fixed
there.
Stephen.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html