Douglas Otis wrote:
This draft goes to the opposite extreme of the ASP draft and increases
the restrictions for "all" compliance as well. This draft indicates
_ALL_ messages are to include a signature with an i= parameter matches
that of an identity within the From header. This is not the defined
use for RFC 4871.
It is true that RFC 4871 does not require or define any binding between
the i= parameter and the From header field (or any other header field,
for that matter). That is defined by *SP. The question is really the
nature of that binding: whether it's the entire address (in cases where
i= has a local-part) or whether it's just the domain. That seems to be
what's at the heart of issue 1519.
The ASP approach creates fewer corner cases. At least with the ASP
draft, any risk of misuse remains within the control of a domain to
rectify.
This last statement I don't understand. Can you give an example of
"misuse within the control of a domain" that is introduced by matching
the local-part?
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html