ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Role of Sender header as signing domain

2006-11-29 05:57:20
Charles Lindsey wrote:
On Tue, 28 Nov 2006 14:15:21 -0000, Hector Santos

Why are you stuck on Sender?  It is not the author or owner of the
message and that is whats important in DKIM.

Usually, the Sender will be the same as (one of) the From(s), or at least will be from the same domain.

And it may not be the same domain, and it may not exist at all.

But in the few cases where it is not the MSA, which is where
> the signing is likely to be done,


Really? Why do you say that? IMTO, the MSA is the least likely place. But then again, that might probably depend on your definition of what an MSA is.

will probably be more familiar with the Sender, and able to vouch
> for him, than with the From.

Vouch? As in reputation?

Anyway, IMV, most people could careless who actually sent the message. People are more interested in who "authored" a message. It is only when you want to "shoot the messager", then you might be interested in who "sent" it, but by far, the electronic mail infrastructure across the board is fundamentally based on FROM:

> In other situations, it might be the List-Post rather than the
Sender.

It sounds to me that in a indirect way, you are trying to solve the 3rd party signer authorization problem and to use this as the basis for DKIM signing in general? That the domain owner have no say in its domain mail? Does the domain owner have any control any more? Or is that obsolete too? :-)

I fail to see how mandating Sender is going to solve anything other than to take the domain owner completely out of the picture. I see this as flawed in so many ways, far more than what From: protection can offer.

---
HLS


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html