On Tue, 29 Jan 2008 17:52:57 -0000, Jeff Macdonald
<jmacdonald(_at_)e-dialog(_dot_)com> wrote:
On Wed, Jan 16, 2008 at 09:46:26AM -0800, Dave Crocker wrote:
<snip>
In any event, "on behalf of" is key wording that permits more
flexibility than you seem to be acknowledging. Note, for example, that
the agent specified in the Sender field is acting "on behalf of" the
author.
Is that agent authorized to work "on behalf of" the author?
That is what the person who actually sent it is claiming.
A well-organized 1st party signer will not sign anything that did not
originate within is domain, and containing a From/Sender within bis domain.
So if the Sender is in his domain, then he ought to establish that is
where it came from, and then include that header within his signature.
But, in that case, he really needs some mechanisn to be able to say, in
his SSP, that "we check and sign Sender headers where present". Ditto for
Resent-From and Resent-Sender.
BTW, would it be useful for a signature to contain some feature to
indicate whether it claimed to be a 1st/2nd/3rd/whatever-party signature?
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html