On Wed, Jul 12, 2006 at 08:48:21PM -0700, william(at)elan.net allegedly wrote: > > On Wed, 12 Jul 2006, Eric Allman wrote: > > >For the same reason From: has to be signed --- they represent the [fill in > >blank with your favorite word: author, originator, whatever] of the > >message. I suppose we can legitimately ask why From: MUST be signed > >though. In terms of interoperability it is not required, but in terms of > >being useful it seems like it is. > > So if message has Resent-From field would SSP check be done against From > or Resent-From or both?
Gosh. What a can of worms. Is SSP consulted on a verified signature? If not, then how can SSP play into these headers? Mark. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html