In <0B6B09F9B2A0A3BD42D26BEE(_at_)[192(_dot_)168(_dot_)1(_dot_)2]> DKIM Chair
<leiba(_at_)watson(_dot_)ibm(_dot_)com> writes:
* One of the signatures has minimal scope, maybe signing only "from:",
with l=0.
Please pardon my ignorance here, as I haven't not been following this
group closely lately, but...
Wouldn't signing just the 2822.From: header be close to useless since
it could trivially be replayed on all forged email? Even if you throw
in things like the 2822.Message-ID:, and 2822.Date:, etc., you really
have more "security" with the Habeas haiku.
-wayne
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html