Murray S. Kucherawy wrote:
> -----Original Message-----
> I don't understand how that follows. I'm talking about a dual-From: message
> that wasn't signed at all. An MUA will still show the "wrong" one. So I
> fail to see why a DKIM specification needs to make a normative requirement
> about a problem that's been around since years before the acronym "DKIM" ever
> appeared anywhere.
No one is saying that DKIM is at fault for the old problem. But it is
at fault when it fails to do anything about it when it can and is
designed to do this.
The issue again is section 5.4 saying only to sign the last one when
there are duplicates.
Well, it failed to provide the normative information that there could
only exist one 5322.From and provide an exception rule for this.
It provided a note about the "Comment" header. It needs to do one for
5322.From and others.
The problem with the updated text is that it makes it sound like it's
an optional consideration to check for this because it tries to lay
the burden on others for the problem.
Sure, the problem existed but only now is there a focus on how this
can be a real problem because of the "trust" part that DKIM tries to
add to the picture.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
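
An added example, not part of the original message or of any DKIM implementation: a receiver-side check for the dual-From case discussed in this thread. It reports singleton header fields that occur more than once, and shows which From instance an h= list covers when instances are taken from the bottom of the header block upward (the "sign the last one" rule of section 5.4). The sample message, addresses, h= value and function names are constructed for illustration.

```python
from email import message_from_string

# Header fields that RFC 5322 section 3.6 allows at most once per message.
SINGLETON_FIELDS = ("from", "sender", "reply-to", "to", "cc", "bcc",
                    "message-id", "in-reply-to", "references",
                    "subject", "date")

# Constructed sample: two From fields; only the last one is signed.
SAMPLE = (
    "From: Display Name <first@example.net>\r\n"
    "From: Real Signer <second@example.org>\r\n"
    "To: user@example.com\r\n"
    "Subject: test\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 +0000\r\n"
    "\r\n"
    "body\r\n"
)
SAMPLE_H_TAG = "from:to:subject:date"  # constructed h= value


def duplicated_singletons(raw):
    """Return {field: count} for singleton fields seen more than once."""
    msg = message_from_string(raw)
    counts = {}
    for name in SINGLETON_FIELDS:
        n = len(msg.get_all(name, []))
        if n > 1:
            counts[name] = n
    return counts


def from_coverage(raw, h_tag):
    """Split From values into (signed, unsigned) for a given h= list.

    Each "from" entry in h= consumes one instance, starting with the
    physically last From field and working upward.
    """
    msg = message_from_string(raw)
    values = msg.get_all("from", [])
    listed = [n.strip().lower() for n in h_tag.split(":")].count("from")
    split = len(values) - min(listed, len(values))
    return values[split:], values[:split]


if __name__ == "__main__":
    print("duplicates:", duplicated_singletons(SAMPLE))
    signed, unsigned = from_coverage(SAMPLE, SAMPLE_H_TAG)
    print("signed From:", signed)
    print("unsigned From:", unsigned)
```

A non-empty result from `duplicated_singletons` is the condition a receiver can treat as a malformed message before any signature result is used.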