On August 16, 2005 at 19:05, Michael Thomas wrote: > Why is it important to know who the recipients were?
As been noted before, it can help deal with replay problems and provide a trail if a message is re-introduced into the mail system. > > IIRC DKIM can't sign envelope fields, and it doesn't clearly > > distinguish between author and sender roles. > > If it were important, it could easily be added. I don't > understand why it's important. And I don't understand > what is gained by separating roles. Author and sender can be two different entities. And if case of re-introduction, sender vs author is even more significant. > > b. Message was authored by A, signed by A, but initially submitted to > > some other address and later forwarded to your mother. Show the From > > field but also show a highlighted alert that says "this message was not > > sent to you by the author of the message, but was forwarded to you by > > <address>". > > Probably ok, I believe that some MUA's do this now more > or less with Sender (albeit without any assurance). What about the Resent-* fields? Not sure how well MUAs display them. Not sure of how many MUAs support "resending" of a message versus forwarding. > > c. Message was authored by A but signed by someone else. Show the From > > field but also show a highlighted alert that says "This message claims > > to be written by A but was signed by B". > > You just lost My Mother, I think. Well, at least you lost > me because I have no idea how I ought to behave in its > presense. This is exactly what DKIM does. A message was authored by A and the domain, B, is the signer. Therefore, are you saying you do not know how to deal with DKIM signed messages? > > And again, I certainly don't expect users to sort out this stuff by > > looking at message headers. (they couldn't verify the signatures by > > looking at them anyway). So yes, cutsey icons and simple text > > displayed above the message on a colored background is very much what I > > have in mind. > > The point I was trying to make is that new identites, etc, confuse > users. I do not think you can state that as fact. Much depends on how the information is displayed to recipients. --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
