SM wrote:
In Section 3, it is stated that:
"An MTA compliant with this specification MUST add this header field
(after performing one or more sender authentication tests)"
I assume that you mean the sending mailbox was authenticated. If
so, that would not cover DKIM where a signing domain claims
responsibility.
I guess we're running into a blurring between "sender" and "signer".
Is this a major point of concern? Or is it sufficient simply to
define my use of "sender" to include the "signer" case, perhaps
citing DKIM as an example?
It may be a point someone would raise during the last call. Defining
sender to include the "signer" case of DKIM is not the right approach
in my opinion. If authentication tests is used instead of sender
authentication tests, it would encompass the signer case.
It's kind of a major rewrite, including even the filename and title of
this document, to change it all from "sender authentication" to "message
authentication" or something like that. Is that really necessary? Or
is there perhaps a definition for "sender" we can give near the top of
the document explaining that we're referring to the agent asserting
authenticity/ownership of the message?
What do others think?
-MSK
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html