ietf-dkim

Fwd: Re: [ietf-dkim] Base issue: multiple linked signatures

2007-01-03 03:41:23
On Tue, 02 Jan 2007 18:11:06 -0000, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:


It may prove a mistake mandating the signing of the From header once internationalization becomes common. The From header mandate supports a highly dubious anti-spoofing effort based upon visual recognition. A far more secure alternative applies annotations to digitally recognized originators. Such an annotation scheme does not require troublesome From header stipulations and is not susceptible to various visual exploits, such as the use of look-alikes or cousin domains.

I agree. An unsigned From is a cause for suspicion, but there may
sometimes be valid reasons, which the verifier should be allowed to
consider. For example, in EAI the From may get downgraded during transit.
It is not yet clear what would be the best way to get around that problem,
but unnecessarily restrictive "MUST"s are not going to help. "SHOULD"
would have been quite strong enough - no interoperability problem arises.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
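
Added example, not part of the original message: a sketch of the check a verifier could apply to the `h=` tag of a DKIM-Signature header, with the MUST reading (an unsigned From invalidates the signature) beside the SHOULD reading discussed above (an unsigned From is only a cause for suspicion). The header values, the `strict` switch and the verdict names are constructed for illustration; no cryptographic verification is performed.

```python
import re

# Constructed DKIM-Signature header values (bh= and b= are placeholders).
SIGNED = ("v=1; a=rsa-sha256; d=example.org; s=sel; c=relaxed/simple;\r\n"
          " h=From:To:Subject:\r\n Date; bh=PLACEHOLDER=; b=PLACEHOLDER=")
UNSIGNED = ("v=1; a=rsa-sha256; d=example.org; s=sel; "
            "h=To:Subject:Date; bh=PLACEHOLDER=; b=PLACEHOLDER=")


def parse_tags(value):
    """Split a DKIM tag=value list into a dict, keyed by tag name."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        # Split on the first '=' only: base64 values may end in '='.
        name, _, val = part.partition("=")
        tags[name.strip()] = val.strip()
    return tags


def signed_headers(sig_value):
    """Return the lower-cased header field names listed in h=."""
    h = parse_tags(sig_value).get("h", "")
    h = re.sub(r"\s+", "", h)  # folding whitespace may appear inside h=
    return [name.lower() for name in h.split(":") if name]


def assess_from(sig_value, strict=True):
    """Classify a signature by whether it covers the From header.

    strict=True  models the MUST: a signature without From is invalid.
    strict=False models the SHOULD: it is flagged so that the verifier
    can weigh it with other evidence.
    """
    if "from" in signed_headers(sig_value):
        return "from-signed"
    return "invalid" if strict else "suspicious"


if __name__ == "__main__":
    for label, sig in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(label, assess_from(sig, strict=True),
              assess_from(sig, strict=False))
```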
