From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Mon Jan 07 2002 - 11:52:58 CST
In <20020106115143.C10562@main.templetons.com> Brad Templeton <brad@templetons.com> writes:
>On Sat, Jan 05, 2002 at 08:19:34PM +0000, Charles Lindsey wrote:
>>
>> My draft signature proposal carefully excludes Sender from the default set
>> that is normally signed, and also explicitly points out that signing it is
>> not a good idea.
>Well, as the header was designed originally for mail, that's not true.
>In mail, it was intended to be a way for the real sender of a message to
>indicate he/she/it was sending it on behalf of somebody else. The
>classic example was a secretary sending mail for the boss.
>In this classic example, the sender would sign the messages (including
>of course the sender header) and not the From line author, though in this
>case the Sender's certificate would authorize them to use the address
>in the From line.
Sure, if a sufficiently clued-up person uses the Sender header correctly
and intelligently, then by all means let him sign it (though I doubt he
gains much by that assuming the From is already signed).
But my point is that the Sender IS frequently used in situations that are
neither clued-up, nor correct, nor intelligent. Therefore, they should not
be signed by default, and it is better for there to be a warning against
their use in "normal" situations (sadly, non-clued-up behaviour has to be
considered "normal" :-( ).
-- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5