Charles Lindsey wrote:
On Tue, 28 Nov 2006 14:15:21 -0000, Hector Santos
Why are you stuck on Sender? It is not the author or owner of the
message and that is whats important in DKIM.
Usually, the Sender will be the same as (one of) the From(s), or at
least will be from the same domain.
And it may not be the same domain, and it may not exist at all.
But in the few cases where it is not the MSA, which is where
> the signing is likely to be done,
Really? Why do you say that? IMTO, the MSA is the least likely place.
But then again, that might probably depend on your definition of what
an MSA is.
will probably be more familiar with the Sender, and able to vouch
> for him, than with the From.
Vouch? As in reputation?
Anyway, IMV, most people could careless who actually sent the message.
People are more interested in who "authored" a message. It is only when
you want to "shoot the messager", then you might be interested in who
"sent" it, but by far, the electronic mail infrastructure across the
board is fundamentally based on FROM:
> In other situations, it might be the List-Post rather than the
Sender.
It sounds to me that in a indirect way, you are trying to solve the 3rd
party signer authorization problem and to use this as the basis for DKIM
signing in general? That the domain owner have no say in its domain
mail? Does the domain owner have any control any more? Or is that
obsolete too? :-)
I fail to see how mandating Sender is going to solve anything other than
to take the domain owner completely out of the picture. I see this as
flawed in so many ways, far more than what From: protection can offer.
---
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html