----- Original Message -----
From: "SM" <[EMAIL PROTECTED]>
To: "Stephen Farrell" <[EMAIL PROTECTED]>; "Jeff Macdonald"

> >And can't the threats document (& later, whatever relevant spec) not
> >just say "don't do that" and thus avoid the problem?
>
> The DKIM draft mentions:
>
> "Under no circumstances should an unsigned header field be displayed
> in any context that might be construed by the end user as having been
> signed."
>
> It could be extended further:
>
> The "From:" header should not be signed if it contains more than one
> sending address.
>

Excellent point!!!! This is logic that software can use. It doesn't have to sign the From: under special situations.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
ietf-dkim mailing list
http://dkim.org
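
The signer-side check discussed in this thread, as an added example that is not part of the original messages or of any DKIM implementation: it counts the sending addresses across all From: fields using Python's standard email parser. The function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Constructed sample messages (not taken from the thread).
QUOTED_COMMA = 'From: "Doe, John" <john@example.com>\nSubject: t\n\nbody\n'
TWO_AUTHORS = "From: a@example.com, Bob <b@example.org>\nSubject: t\n\nbody\n"
TWO_FIELDS = "From: a@example.com\nFrom: b@example.org\nSubject: t\n\nbody\n"
NO_FROM = "Subject: t\n\nbody\n"


def from_mailboxes(raw_message):
    """Return every addr-spec found in any From: field of the message."""
    msg = message_from_string(raw_message, policy=policy.default)
    boxes = []
    # get_all() so that a duplicate From: field is counted as well.
    for field in msg.get_all("From", []):
        # .addresses comes from the RFC 5322 parser, so a comma inside a
        # quoted display name is not mistaken for an address separator.
        boxes.extend(addr.addr_spec for addr in field.addresses)
    return boxes


def should_sign_from(raw_message):
    """Rule proposed in the thread: sign From: only for exactly one sender."""
    return len(from_mailboxes(raw_message)) == 1


if __name__ == "__main__":
    samples = [("quoted comma", QUOTED_COMMA), ("two authors", TWO_AUTHORS),
               ("two fields", TWO_FIELDS), ("no From", NO_FROM)]
    for name, raw in samples:
        print(f"{name:13} {from_mailboxes(raw)} sign={should_sign_from(raw)}")
```

The DKIM specification as later published (RFC 6376, section 5.4) requires From to be included in the signed header fields, so a signer applying this rule under that specification cannot simply leave From out of a signature.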