ietf-mailsig

RE: Sender signatures are useful for...?

2004-12-13 10:13:45

-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Douglas Otis
Sent: Thursday, December 09, 2004 2:19 PM
To: IETF MAILSIG WG
Subject: Re: Sender signatures are useful for...?


On Thu, 2004-12-09 at 11:50, wayne wrote:
In <16824(_dot_)40492(_dot_)723484(_dot_)512812(_at_)mtcc(_dot_)com> Michael Thomas <mike(_at_)mtcc(_dot_)com> writes:

So it seems that a lot of people are taking it as axiomatic
that a Sender: signature provides some utility.

Personally, I see very little utility in protecting the Sender:
header, and far far less in protecting the Resent-* headers.  I see a
lot of utility in protecting the From: header, the envelope from
(2821.MAILFROM), and the HELO domain.

How does this get deployed?  The From is a function of the Originator
and can be a domain independent of the Submitter domain.

I actually see this as an advantage for signatures on the From rather than a
disadvantage. In the case where the Sender and From domains are identical
there is obviously no problem with key distribution. In cases where
businesses have relationships which allow real authorized mail using their
domain to be sent from outside of the administrative domain this gives them
a clear way to express that authorization and accountability for that use of
their domain. The owner of a domain is likely only going to accept
accountability for mail sent through domains with which they have some type
of relationship. If the key verification requires a query against the domain
owner and the keys are distributed by the domain owner to all sources they
accept accountability for (which likely would include things like third
parties who mail on their behalf, the MTA's of traveling salesmen, in
addition to their own MTA's) then we would have a pretty complete list of
everyone that domain owner has taken positive steps to indicate as an
authorized Submitter for their domain.

Robert
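
The key-distribution model described in the message above, sketched as an added example that is not part of the original post or of any MAILSIG draft. It assumes a hypothetical per-domain key registry (`KEY_RECORDS`), constructed domains and selectors, and toy textbook RSA as a stand-in for a real signature scheme.

```python
import hashlib

# Toy textbook RSA from fixed Mersenne primes: a stand-in for a real signature
# scheme so the example runs with the standard library only. Not secure.
def toy_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(from_addr, body, n):
    data = f"{from_addr}\n{body}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(msg, selector, private):
    n, d = private
    msg["sig"] = (selector, pow(digest(msg["from"], msg["body"], n), d, n))
    return msg

# Constructed key records, as published by the owner of brand.example.
# Each record is one submitter the owner has chosen to vouch for.
OWN_PUB, OWN_PRIV = toy_keypair(2**89 - 1, 2**107 - 1)
ESP_PUB, ESP_PRIV = toy_keypair(2**61 - 1, 2**127 - 1)
ROGUE_PUB, ROGUE_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)  # never published
KEY_RECORDS = {"brand.example": {"own-mta": OWN_PUB, "esp": ESP_PUB}}

def verify(msg):
    """Look the key up under the From: domain only; Sender: plays no part."""
    from_domain = msg["from"].rsplit("@", 1)[-1].lower()
    selector, sig = msg.get("sig", (None, None))
    public = KEY_RECORDS.get(from_domain, {}).get(selector)
    if public is None:
        return "fail: no key record at From domain"
    n, e = public
    ok = pow(sig, e, n) == digest(msg["from"], msg["body"], n)
    return f"pass: authorized submitter '{selector}'" if ok else "fail: bad signature"

def authorized_submitters(domain):
    """The published selectors are the owner's list of vouched-for submitters."""
    return sorted(KEY_RECORDS.get(domain, {}))

def mail(sender, from_addr, body):
    return {"sender": sender, "from": from_addr, "body": body}

# Same From: domain, three different submitting hosts (all constructed).
same_domain = sign(mail("mta.brand.example", "sales@brand.example", "Q4 offer"), "own-mta", OWN_PRIV)
third_party = sign(mail("bulk.mailer.example", "news@brand.example", "Newsletter"), "esp", ESP_PRIV)
unvouched = sign(mail("mx.other.example", "ceo@brand.example", "Wire funds"), "rogue", ROGUE_PRIV)

if __name__ == "__main__":
    for m in (same_domain, third_party, unvouched):
        print(m["sender"], "->", verify(m))
    print(authorized_submitters("brand.example"))
```

The third-party mailer verifies even though its Sender: host is outside brand.example, because the lookup is anchored on the From: domain; the unvouched host fails whichever selector it claims.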



