Michael Thomas wrote:
We need to define at least one binding between a DKIM signature
and an outside 2822 origination address. I think there's pretty
good agreement that 2822.From is a very interesting address.
So far that's decided in -base, for a present (valid) signature.
The question you raise, I think, is whether there are other
addresses like Sender, etc.
My question is about mails without (valid) signature.
nothing prevents you from doing an SSP lookup on any address or
domain that you desire, so at some level you are accommodated.
No, it's not obvious what it means if the 2822-From domain claims
to sign all mails, and the Resent-From domain makes no statement.
Does there really need to be anything more formal at this point?
Yes, receivers need to know that those obscure Resent-* cases, or
more likely Sender cases exist, they are permitted in 2822 mail.
If the sender (or resender) did nothing wrong, the 2822-From SSP
MUST be ignored. Maybe for pure mail scenarios we could get away
with a "if there was a valid signature you're suppoosed to keep
it as resender (or sender)" strategy, but that's not good enough
for cases like news2mail.
I hope not because it likely a deep rathole that in the end isn't
too likely to change anything in the protocol itself
An attempt to finish off Errors-To "officially" is on its way (*).
Anything related to "PRA" is messy, but hand-waving does not help.
I'd love it if somebody could decree that Resent-* is confusing +
unnecessary + harmful + obsolete (pick all :-), but it just won't
happen before ssp-requirements-03.
Frank
*: <http://permalink.gmane.org/gmane.ietf.message-headers/35>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html