Tony Hansen wrote:
> Dave Crocker wrote:
>> Alas, it was pointed out to me that SSP does indeed have a requirement for a
>> lookup even when the message is signed. This is when there is so-called
>> third-party signing. (I believe this means when the domain in the
>> rfc2822.From
>> does not make the DKIM d= domain.)
>
> I would at a minimum include rfc2822.Sender in this check: third-party
> signing is when the DKIM d= domain is not equal to either the
> rfc2822.From's domain nor the rfc2822.Sender's domain.

Tony, et al,

Switching back to the 'requirements' suggestion I have been making:

I would like to see a scenario described that explains exactly what problem needs to be detected and why it is a compelling, immediate requirement.

I would like to see the description done in a way that talks about particular individuals and organizations, without referring to particular protocol units.

In other words, I'd like to see the non-technical description of the requirement and its rationale, before it gets translated into the technical details, such as citing particular header fields.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
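
The two definitions of third-party signing quoted in this thread (d= compared with rfc2822.From only, versus d= compared with rfc2822.From or rfc2822.Sender) give different answers for list-style mail. The following is an added example, not code from any poster or from the SSP draft: the sample messages are constructed, the function names are hypothetical, and "not equal" is assumed to mean exact, case-insensitive domain comparison.

```python
from email import message_from_string
from email.utils import parseaddr

def _domain(header_value):
    """Lowercased domain of the address in a From/Sender header, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def _dkim_d(sig_value):
    """Value of the d= tag in a DKIM-Signature header (a ';'-separated tag list)."""
    for tag in sig_value.split(";"):
        name, sep, value = tag.partition("=")
        if sep and name.strip() == "d":
            return "".join(value.split()).lower()
    return None

def classify(raw):
    """Return (third_party_by_from_only, third_party_by_from_or_sender)."""
    msg = message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    d = _dkim_d(sig) if sig else None
    if d is None:
        raise ValueError("no DKIM signature with a d= tag")
    from_dom = _domain(msg.get("From"))
    sender_dom = _domain(msg.get("Sender"))
    # Definition 1: d= differs from the rfc2822.From domain.
    # Definition 2: d= differs from both the From and the Sender domain.
    return d != from_dom, d not in {from_dom, sender_dom}

def _msg(from_, d, sender=None):
    """Build a constructed sample message; the b= value is a placeholder."""
    lines = ["From: " + from_]
    if sender:
        lines.append("Sender: " + sender)
    lines.append("DKIM-Signature: v=1; a=rsa-sha256; d=%s; s=sel;\n"
                 " h=from:sender; b=CONSTRUCTED" % d)
    return "\n".join(lines) + "\n\nbody\n"

# Constructed samples: author-domain signature, list re-signing, unrelated signer.
OWN_MSG = _msg("Alice <alice@example.com>", "example.com")
LIST_MSG = _msg("Alice <alice@example.com>", "lists.example.org",
                sender="list-bounces@lists.example.org")
ESP_MSG = _msg("Alice <alice@example.com>", "esp.example.net")

if __name__ == "__main__":
    for name, raw in [("own", OWN_MSG), ("list", LIST_MSG), ("esp", ESP_MSG)]:
        print(name, classify(raw))
```

Only the list-style message is classified differently by the two definitions, which is the case where the choice decides whether an SSP lookup is triggered.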