Dave Crocker wrote:

The more discussion there is about signature requirements involving transit
accountability -- i.e., the MASS goal -- the more I think we need to focus on the role of
the actor who "creates" the total current message. That's the RFC2822.Sender
or RFC2822.Resent-sender. (As the footnote notes, when there is no 'sender' field
present, the 'from' fields hold a virtual copy of it.)

Although having to look for two fields is more complicated than 1, I think that
'latest poster into the transfer service' is the simplest concept. They are,
after all, the entity that should be accountable for the current transfer of
the message by the end-to-end handling service.

How do folks suggest we resolve this?

I believe that the motivation for tying the signature to a particular
header (such as Sender) is to provide some justification for why the
signature is there in the first place, that is to say, why is this
signature there in the first place. So if I got a message on this list
that was signed by owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org, I could look at the
Sender address and say "Aha!