ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs

2010-10-01 16:30:21

Jeff Macdonald wrote:
On Thu, Sep 30, 2010 at 9:19 PM, Douglas Otis 
<dotis(_at_)mail-abuse(_dot_)org>
wrote: 
Is there a safe way to shift DKIM signature compliance based upon the
 From header field to that of the Sender header field?

We've avoided the Sender header because most folks are confused when
Outlook says "on behalf of". And not all MUAs display that anyway. 

I do agree that DKIM signature compliance should no be based on From.
In fact it should be a new domain/sub-domain altogether.

The fundamental problem with the current situation is that the
authenticated identity is not displayed and the displayed identity
is not authenticated.  Rather than create a pointer indirection
relationship between From and d=, which requires a secure binding
as well as introducing a provisioning headache, maybe the right
approach is to push on the former problem: encourage MUAs to
display d= information when it can be validated (either directly
by the MUA or by relying on trusted Authentication-Results headers
from the last hop MTA).

-Pete

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html