Wayne, I wrote:
Meng Weng Wong>
If the MARID information is going to be used for 2822
authentication [...]
then we should at least provide a well-defined
algorithm for all receivers to apply.
I believe this is exactly what's been proposed.
The only MARID proposal for RFC2822 has been C-ID. For many of the
important case, domain owners need to use the directOnly option. The
C-ID spec basically says "everyone is on their own about how to verify
things in this case." There is no well defined algorithm.
Not yet.
I was refering to Andrew Newton's post "towards a compromise" in which he
proposes that "For 2822, we devise a selection algorithm. This well-known
selection algorithm will determine which header to use in the presence or
absence of other headers"
Until such time that there is at least a proof-of-concept code that we
can all play with and collect real data on real email feeds, I will
strongly object to including the RFC2822 identities as something we
should work on.
This is a self-fulfilling, circular, kind of position don't you think? It
is invalidated by the first sight of an implementation which uses these
identities... but you've ruled them out of scope already... So you can't
have a MARID proposal which uses them...
Ho hum.