Douglas Otis wrote:
RFC 4871 clearly indicates the i= parameter is _intended_ to identify
the user or agent for which the message is being signed. When a
signature is added on-behalf-of an entity whose email-address is found
within the Sender header, and where the message happens to include a
On Feb 2, 2008, at 3:18 AM, Eliot Lear wrote:
Douglas Otis wrote:
This draft goes to the opposite extreme of the ASP draft and
increases the restrictions for "all" compliance as well. This draft
indicates _ALL_ messages are to include a signature with an i=
parameter matches that of an id
On Feb 1, 2008, at 4:42 PM, Jim Fenton wrote:
Douglas Otis wrote:
On Feb 1, 2008, at 2:58 PM, Jim Fenton wrote:
A domain using RFC 4871 as defined might wish to clarify which
entity had been authenticated. Such authentication information
would help prevent intra-domain spoofing. SSP ess
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Feb 1, 2008, at 5:32 PM, J D Falk wrote:
> Wietse Venema wrote:
>
>> In my opinion, as one of the authors listed on the ASP draft, SSP-02
> is
>> close enough in spirit to ASP that I could live with either.
>
> As another author, +1.
Same here. I
Dave Crocker wrote:
John Levine wrote:
In my opinion, as one of the authors listed on the ASP draft, SSP-02
is close enough in spirit to ASP that I could live with either.
Same here. The actual wire protocols that the two drafts define are
almost identical.
+1
I loo
John Levine wrote:
In my opinion, as one of the authors listed on the ASP draft, SSP-02
is close enough in spirit to ASP that I could live with either.
Same here. The actual wire protocols that the two drafts define are
almost identical.
+1
I look forward to getting
> maybe a sender forging Reply-To can be up to
> something really bad.
Strike "maybe":
http://isc.sans.org/diary.php?storyid=3917
___
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
Michael Hammer wrote:
> There is a presumption of goodwill in the RFC that doesn't
> necessarily exist in a world where 85%+ of email is abusive
Yes. I'd put mailing lists overwriting my Reply-To into the
"abusive" category, and maybe a sender forging Reply-To can
be up to something really bad.
Douglas Otis wrote:
This draft goes to the opposite extreme of the ASP draft and increases
the restrictions for "all" compliance as well. This draft indicates
_ALL_ messages are to include a signature with an i= parameter matches
that of an identity within the From header. This is not the defi