Paul Hoffman wrote:
That's not how I read the discussion on SecDir. In specific:
At 9:09 AM -0500 1/29/08, Barry Leiba wrote:
[...] It seems likely that if this header should become popular,
malware would be
changed to take advantage of that, and to use compromised machines to
spoof
sender-auth headers within their own domains... so this is a real
threat that
needs to be addressed. And it seems to me that (1) is the right way
to do it.
So there should be something in the security considerations
describing this
problem, and suggesting (1) as a way to deal with it.
That's more than a "security consideration".
The author of the review concurred with Barry's points, including that
last sentence, which seems to me to limit it all to a security
consideration.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html