On 4/25/2011 9:18 PM, Murray S. Kucherawy wrote: >> Double listing in the "h=" tag can not fully mitigate risks related to >> appended header fields when messages are signed by a different domain than >> the domain found in the appended From header field. > > DKIM doesn't create any binding between the RFC5322.From domain and the "d=" > value as you're doing. What you're talking about here falls into the realm > of ADSP or other policy-like assertions, not DKIM itself which is the topic > of this draft.
Perhaps I am wrong, but I believe that this point has been made and re-made enough times to warrant not making it again. If someone participating in this working group continues to make that error, they are unlikely to change. And the mailing list archive has more than enough evidence of clarifying this point; more is not needed. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html