This is an interesting, even novel approach. I'm still trying to
evaluate it. One question I have is how it would interact with what
headers are covered by the author signature. In particular, does the
Sender: field in this case have to be covered by the signature?

Good point. I'd like if we could keep that as a tracked issue, just
so's we remember to think about it.

One question I have is this: do we need the added algorithmic
complexity of this Sender: match check? If it can't solve all cases in
which multiple addresses in From: exist then maybe it's not worth the
extra effort to spec out and code for? In other words, since
implementations can't get away from a "check all From domains"
sub-routine anyway then adding extra code for a Sender: match along with
a check to make sure Sender was covered by the signature just seems like
extra work for the implementor?

Something to think about anyway.

Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html