On Thursday 13 July 2006 17:17, Hector Santos wrote: > ----- Original Message ----- > From: "Barry Leiba" <[EMAIL PROTECTED]> > > > As chair, I see a growing consensus to do it that way. Let's try to > > resolve this issue tout de suite, and move on. I'd like to hear from > > people who think we should have some headers as "MUST sign". I'd like > > to hear from those who agree with Mark and Mike, that we should not have > > any with "MUST". > > > > What say you? > > See my last message to Eric: > > http://mipassoc.org/pipermail/ietf-dkim/2006q3/004249.html > > I vote for a minimum requirement and expectation that is part of the > fundamental email infrastructure. In regards to DKIM, that should be the > FROM: (If I had my choice, I would suggest the DATE: too just to be > consistent with RFC 2822 minimum requirements). > > However, I say this from a Domain Signature Authorization point of view > which as you know, I am a strong advocate of. It can be "adjustable" if > the domain policy says its ok. But I believe this will complicate policy > concepts so I vote for a minimum requirement. > I think that a requirement to sign RFC 2822 required identity header fields (From and Sender if present) makes a lot of sense. I expect that if we don't make this a requirement in Base, then in operations, receivers will pay little attention to signatures that don't include them. So, if we fail to include that requirement, I think we are doing people a dis-service.
I am (no surprise) against any requirement to sign resent-*. They aren't identity fields in the same way that From and Sender are. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html