> It's far more error-prone to use RFC2822 identities, and the only
> real excuse for doing it is that the address in the From: header is
> what's _visible_ to the user.
Well, yeah. We've hashed over this a million times. There are
plausible arguments in favor of both 2821 and 2822 addresses, but I
was under the impression that the consensus here was that we're
signing 2822 addresses. This is an area where we really won't know
how well things work until there are substantial experiments, and of
the proposals I'm aware of, the only ones that have been implemented
and used much are DK and TEOS, both of which sign 2822 headers.
It's also important to keep in mind that the software we use is often
not the software that typical Internet users use. As a specific
example, I've often seen comments to the effect that MUAs don't
display what's in the Subject: line. If you use MS Outlook (which
I'm not saying is a good idea, but a whole lot of people do), it does
show the Sender: header, displaying something like "from <sender> on
behalf of <from>."
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
http://www.taugh.com
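As an added example (not code from the post, nor from DK or TEOS), here is a small Python script that pulls the three identities the thread is arguing over out of a message: the RFC 2821 envelope MAIL FROM (as recorded in Return-Path), the RFC 2822 From: and the RFC 2822 Sender:. It then shows which domain a 2821-style and a 2822-style signer would bind, and renders the "from <sender> on behalf of <from>" line the post describes. Both messages are constructed; the Sender:-before-From: preference in signed_domain is my recollection of the DomainKeys rule and is stated as an assumption, and the display rendering simply follows the post's description rather than any MUA's actual code.

```python
"""Pull the RFC 2821 (envelope) and RFC 2822 (header) identities out of a
message and show which domain each signing model binds.  Added example for
this thread, not code from the post; both messages below are constructed."""
from email import message_from_bytes, policy
from email.utils import getaddresses, parseaddr

# Constructed: a post relayed through a mailing list.  The envelope sender
# (recorded by the receiving MTA as Return-Path) and Sender: both belong to
# the list; From: is still the original author.
LIST_MSG = b"""\
Return-Path: <listname-bounces@lists.example.net>
From: Alice Author <alice@example.com>
Sender: listname-bounces@lists.example.net
To: listname@lists.example.net
Subject: constructed list message
Message-ID: <1@example.com>

body
"""

# Constructed: bulk mail sent through a third-party delivery service.
# Only the envelope differs from From:; there is no Sender: at all.
ESP_MSG = b"""\
Return-Path: <bounce-8812@esp.example>
From: Example News <newsletter@example.com>
To: bob@example.org
Subject: constructed newsletter
Message-ID: <2@example.com>

body
"""


def domain_of(addr):
    """Lower-cased domain of an addr-spec, or '' when there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def extract_identities(raw):
    """Return the envelope MAIL FROM (via Return-Path), the From: addresses
    and the Sender: address.  Missing headers yield '' or []."""
    msg = message_from_bytes(raw, policy=policy.default)
    rp = msg.get("Return-Path")
    sender = msg.get("Sender")
    froms = getaddresses([str(h) for h in msg.get_all("From", [])])
    return {
        "mail_from": parseaddr(str(rp))[1] if rp is not None else "",
        "from": [addr for _, addr in froms],
        "sender": parseaddr(str(sender))[1] if sender is not None else "",
    }


def signed_domain(ids, model):
    """Domain a signer binds.  '2821' binds the envelope MAIL FROM; '2822'
    binds the header identity, taking Sender: when present and From:
    otherwise.  That Sender:-before-From: order is the rule I recall from
    DomainKeys and is an assumption here, not something the post states."""
    if model == "2821":
        return domain_of(ids["mail_from"])
    if model == "2822":
        primary = ids["sender"] or (ids["from"][0] if ids["from"] else "")
        return domain_of(primary)
    raise ValueError(f"unknown model {model!r}")


def display_line(ids):
    """Render the 'from <sender> on behalf of <from>' line the post
    describes for a Sender: header that differs from From:."""
    primary = ids["from"][0] if ids["from"] else ""
    if ids["sender"] and ids["sender"].lower() != primary.lower():
        return f"from {ids['sender']} on behalf of {primary}"
    return f"from {primary}"


def models_agree(ids):
    """True when both signing models would bind the same domain, so the
    2821-versus-2822 choice makes no difference for this message."""
    return signed_domain(ids, "2821") == signed_domain(ids, "2822")


if __name__ == "__main__":
    for name, raw in (("list", LIST_MSG), ("esp", ESP_MSG)):
        ids = extract_identities(raw)
        print(name, ids)
        print("  2821 binds:", signed_domain(ids, "2821"))
        print("  2822 binds:", signed_domain(ids, "2822"))
        print("  MUA shows: ", display_line(ids))
        print("  agree:     ", models_agree(ids))
```

The two constructed messages are chosen so the models diverge in different ways: on the list message both models end up binding the list's domain while the user is shown the author in From:, and on the delivery-service message the envelope binds the service's domain while the header identity binds the From: domain, with nothing in the headers to tell the user that any third party was involved.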