Dave Crocker wrote:
Eliot Lear wrote:
On the other hand, one could argue that this could be used as a form of
attack - that I Mr. Spammer insert a From line, a Sender line AND a
signature, with my main objective being to get mail in as some OTHER
From (like a bank or Ebay), knowing that a particular UI is only going
to represent (first|last) From.
>
This presumes that user interface issues are relevant to SSP.
They aren't. Or, rather, they shouldn't be.
+1.
Or rather, if they are, we need to see the empirical basis
> for making these choices.
We aren't in a position to make security-related design decisions
> for user interfaces.
+1,
We should only make sure we are consistent with the framework and/or
make sure there is isn't a dependency or create new ones that relies on
things that may be unfeasible to mandate.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html