
Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

2011-05-04 03:00:04
On 5/3/11 4:25 PM, Murray S. Kucherawy wrote:
> I might even go so far as to say returning that From: field is dangerous
> since it is not confirmed by anything, so DKIM (which is an authentication
> protocol) returning data that can't be validated, even if it was signed, is
> quite possibly asking for trouble.

This is a remarkable statement.  DKIM's verification of the signing 
domain provides a basis upon which contents of the message may be 
trusted.  That trust most certainly includes the important From header 
field.  In fact, only the From header field MUST be included in the DKIM 
signature.  As such, clearly defining what constitutes the From header 
field IS important.

-Doug
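
Added example, not part of the original message or of any DKIM implementation: a Python sketch that reports which From header field a DKIM-Signature's h= tag covers, using the bottom-up selection of repeated header fields that the DKIM specification defines. The sample message, its domains, selector and the PLACEHOLDER bh=/b= values are constructed, and no cryptographic verification is performed.

```python
from email import message_from_string

# Constructed sample: two From fields, but h= lists "from" only once.
SAMPLE = "\n".join([
    "From: Other <other@example.net>",
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;",
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER",
    "From: Alice <alice@example.com>",
    "To: bob@example.org",
    "Subject: hello",
    "",
    "body",
])


def parse_tags(value):
    """Parse a DKIM tag=value list; folding whitespace inside values is dropped."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags


def signed_from(raw_message):
    """Return (d= domain, From values covered by h=, From values not covered).

    Only inspects the h= tag; it does not check the b= signature itself.
    """
    msg = message_from_string(raw_message)
    sig = msg["DKIM-Signature"]
    if sig is None:
        raise ValueError("no DKIM-Signature header field")
    tags = parse_tags(sig)
    names = [n.lower() for n in tags.get("h", "").split(":")]
    count = names.count("from")
    if count == 0:
        # From is the one header field that MUST appear in h=.
        raise ValueError("h= does not include From")
    # Repeated fields are selected from the bottom of the header block upward,
    # one instance per occurrence of the name in h=.
    bottom_up = msg.get_all("From", [])[::-1]
    return tags.get("d"), bottom_up[:count], bottom_up[count:]


if __name__ == "__main__":
    print(signed_from(SAMPLE))
```

A consumer that treats the From field as covered by the signing domain's assertion would use only the values in the second element of the result.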






_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
