ietf-dkim

Re: [ietf-dkim] Re: New Issue: signed vs. unsigned header fields as input to SSP

2008-01-23 18:05:48
Arvel Hathcock wrote:

This is an interesting, even novel approach. I'm still trying to
evaluate it. One question I have is how it would interact with what
headers are covered by the author signature. In particular, does the
Sender: field in this case have to be covered by the signature?

Good point. I'd like if we could keep that as a tracked issue, just
so's we remember to think about it.

One question I have is this: do we need the added algorithmic complexity of this Sender: match check? If it can't solve all cases in which multiple addresses in From: exist then maybe it's not worth the extra effort to spec out and code for? In other words, since implementations can't get away from a "check all From domains" sub-routine anyway then adding extra code for a Sender: match along with a check to make sure Sender was covered by the signature just seems like extra work for the implementor?

Something to think about anyway.

Yeah, that's what I'm worried about too. Especially in light of
implementations that don't obey this From: Sender: correlation
which may well be a common misimplementation.


                Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
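
The inputs the thread weighs against each other, worked through in code. This is an added example, not part of the original messages or of any DKIM implementation: it gathers every From: domain, tests whether Sender: matches a From: address, and tests whether Sender: is listed in the signature's h= tag. The function names and the sample message are constructed for illustration, and no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not from the thread): two authors, a Sender:, and a
# DKIM-Signature whose h= tag does NOT list Sender. bh=/b= are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;
 h=From:To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>, Bob <bob@example.net>
Sender: alice@example.com
To: list@example.org
Subject: test

body
"""

def domain(addr):
    """Lower-cased domain part of an addr-spec, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def signed_fields(sig_value):
    """Lower-cased header names listed in a DKIM-Signature h= tag."""
    # Folding whitespace is allowed around tags and colons; header field
    # names contain none, so dropping all whitespace is safe for h=.
    unfolded = "".join(sig_value.split())
    tags = dict(t.split("=", 1) for t in unfolded.split(";") if "=" in t)
    return {n.lower() for n in tags.get("h", "").split(":") if n}

def analyse(raw):
    """Collect the facts a policy check would need; makes no policy decision."""
    msg = message_from_string(raw)
    from_addrs = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    sender = [a.lower() for _, a in getaddresses(msg.get_all("Sender", []))]
    covered = [signed_fields(v) for v in msg.get_all("DKIM-Signature", [])]
    return {
        # The "check all From domains" input: needed whatever Sender: says.
        "from_domains": sorted({domain(a) for a in from_addrs}),
        # Sender: match (simplification: addresses compared case-insensitively).
        "sender_matches_from": bool(sender) and sender[0] in from_addrs,
        # A match only means something if Sender: is inside a signature's h=.
        "sender_signed": any("sender" in c for c in covered),
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On the sample, Sender: matches a From: address but is not covered by the signature, so the match rests on an unsigned field and both From: domains are still in play.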