On Wed, Jan 28, 2009 at 7:42 PM, Dave CROCKER <d...@dcrocker.net> wrote:
> It provides data integrity, for the portions covered by the hash, and it
> authenticates the asserted "signing identity".  It does *not* assert
> authorization of the From: field.

Unless the from field is signed .. and perhaps this is appropriate in
quite a few scenarios.

Even in cases where the from is not changeable by the end user (in a
webmail client, or corporate mail system) and is therefore yet another
header that is subject to signing?  And does this go for other
alternatives such as Sender: where the envelope sender is inserted
where header from differs from envelope from?

> Given the community tendency to make assumptions about DKIM that aren't in
> the specification, this really is worth being extremely careful about.

That's one more reason for a use case document.

thanks
suresh

-- 
Suresh Ramasubramanian (ops.li...@gmail.com)
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
