ietf-mxcomp
[Top] [All Lists]

Re: I-D ACTION:draft-ietf-marid-submitter-02.txt

2004-07-22 12:02:50

Terje,

TP> When a SUBMITTER parameter is provided then receiving MUAs SHOULD
TP> display the SUBMITTER parameter as the sender of the email instead
TP> of the original FROM address in the RFS 2822 headers; otherwise an
TP> attacker can trivially defeat the algorithm by providing a different
TP> SUBMITTER and FROM address.


SUBMITTER is related to rfc2822.Sender, not rfc2822.From.

The concern for display to the user is certainly valid.  However
bypassing the From field creates more problems than it solves.

d/
--
 Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 Sunnyvale, CA  USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>