On Sat, 25 Nov 2006 06:25:27 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
It's not entirely forgotten; section 2.3 of draft-allman-dkim-ssp-02
discusses multiple From addresses. We thought about resolving the
ambiguity by (1) arbitrarily picking the first address in the From
header field, (2) picking the address in the Sender header field, or (3)
querying SSP for all addresses in the From header field, and combining
them somehow. We picked (1), because we don't know whether the MUA is
going to display the Sender address or not, and we felt that it is
likely that it will display the first From address regardless.
And there I think you picked the wrong one. Why is whether the Sender
header gets displayed by the MUA of relevance (though a decent MUA should
give you the option of showing it)? Surely it is the MTA/MDA that does the
verifying and that queries the appropriate SSP that needs to consider
whether to use the Sender: or From: (for sure, full headers are available
for inspection at that point). So I think you should have picked #2.
OTOH, if you or your MUA are sufficiently sophisticated to want to do the
checks yourself, then you are presumably sufficiently sophisticated to
cause the Sender: to be displayed.
I have seen sufficient comments from others to the effect that the Sender
needs to be looked at in many situations that this matter probably ought
to be reviewed (does that mean raising an Issue?).
Actually, I think we are all asking the wrong question, by starting from
some header (From/Sender/Whatever). Surely a proper verifier should
proceed something like this:
For each signature accompanying the message:
Consider the Domain that created the signature
For each relevant header (From, Sender, List-Post, etc)
Note whether that Domain occurs in the address(es) in that header
Consider the SSP of that Domain:
Is the set of headers including (or not including) that Domain
correct/reasonable/whatever?
Combine results from all signatures to arrive at final
conclusion/score/whatever.
But we don't know how this will be displayed, and who the recipient is
likely to consider the author of the message, ...
I think it is more important who the
originating/resending/forwarding/signing/SSP domain considered to be the
author/sender.
so it's very difficult to decide
BTW, the bit in the base document that says the "From" MUST always be
signed is wrong. It should have been the Sender, and maybe any
Resent-From too. And that MUST is going to haunt us again when EAI ...
The language here was discussed and determined by WG consensus.
Personally, I favored the language in -base-03 and earlier that says,
"any header field that describes the role of the signer (for example,
the Sender or Resent-From header field if the signature is on behalf of
the corresponding address and that address is different from the From
address) MUST also be included."
Yes, Im think you were right there, and if I had been a WG member at that
time you would have had my support (though maybe not all the way up to
"MUST"). I think it is up to verifiers to decide whether the correct
headers have been signed to enable them to form a valid conslusion. For
example, if the verifier saw that the message had been downgraded by EAI,
it might take a very different view of which headers it wanted to see.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html