Re: Last Call: Originator-Info Message Header to Experimental



On Tue, 14 Jul 1998, Shmuel (Seymour J.) Metz wrote:
> While it is true that the header can be trivially forged, that does
> not provide adequate grounds for a MUST NOT. If I choose to use
> the contents of this header for purposes of authorization, no harm to
> the net occurs, although I may cause harm to myself. Even a SHOULD NOT
> is questionable.

The MUST NOT is based on field experience with the X-Sender header as
described in the spec.  Harm to the net includes: users who can't
unsubscribe from mailing lists, users who can't use subaddresses on a
mailing list, and mis-routed email.  All of these have been caused by
misuse of the X-Sender header and resulted in support for the X-X-Sender
header in some clients.  In addition, pretending that Originator-Info,
X-Sender, or even Sender is somehow "authenticated" could mislead users
into believing things which are false.  S/MIME and PGP-MIME are
authenticated, Originator-Info isn't and MUST NOT be treated as such.

		- Chris




Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.