Wietse Venema wrote:
The problem that you refer to is due to the mistaken belief
that DKIM signatures imply anything about rfc2822.from
addresses. We can eliminate the problem by simply taking DKIM
signatures for what they actually are: proof about the
identity of the signing party, not proof about the identity
of the author. =============
Okay, that's the "crypto timestamp" model, and apparently some
big players want precisely this and no additional nonsense.
It would be consequent to take the timestamp line instead of
the 2822-From as "MUST" in base (5.4). The EAI / IMA folks
just discuss a situation where the 2822-From is removed or
empty after some UTF8SMTP magic hitting a legacy mailbox.
If the whole point is a better timestamp line, why not include
it in the signature ? An MSA could _also_ sign the 2822-From
if it knows that it makes sense (From = Mail From ) and is ok.
And a MUA could sign the (Resent-) Message-ID instead of the
timestamp line. But actually I don't think that MUAs trying
to sign mail are relevant at the moment.
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html