ietf-mailsig
[Top] [All Lists]

Re: who's the responsible party?

2004-11-22 20:45:31

As someone has suggested, how about if we require a signature header to 
carry a "responsible address" which is the address that the signer 
identifies as the party willing to accept responsibility for the 
message.  The responsible address MAY be the same as the From, Sender, 
Resent-Sender, or Resent-From addresses (for example), but it need not.

Other than perhaps working around broken MTAs, what would be the
advantage?  If the responsible party isn't already in the Sender: or
Resent-Sender: lines (explicitly or implicitly in From:/Resent-From:)
something's wrong.

I would then advocate that the responsible address SHOULD be made
visible to the recipient in some way, if possible, such as the "via"
thing mentioned in section 7.6 of the IIM Draft.

Oh, definitely.  The otherwise reprehensible but undeniably popular
Microsoft Outlook already does that.  As Carl Hutzler has often pointed
out, we also need to do something about the address comment which is
often all that MUAs display, e,g:

 From: "Citibank Security" <igor(_at_)phishphactory(_dot_)ru>

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web


<Prev in Thread] Current Thread [Next in Thread>