ietf-asrg

Re: [Asrg] Unintended consequence of SPF

2006-03-18 01:01:20

On Mar 17, 2006, at 8:51 AM, Chris Lewis wrote:

> John Levine wrote:
>
>> In this case, the problem is that the recipient system is using a
>> broken authentication scheme that rejects useful mail that it should
>> accept. Fans of SPF keep trying to redefine SPF's failure cases to be
>> the fault of people who send mail in ways that SPF can't handle,
>> rather than as a failure of SPF.
>
> I have as poor an opinion of the SPF koolaid as even you, John.
>
> But, DKIM and virtually any other message authentication method would
> fail in this too.


I can't see how that would happen.

This was a webform sent by electric.net to itself. It wouldn't
have signed the message with DKIM (and even if it had, it
wouldn't have signed it claiming to be someone else.)

Even if it did manage to create a broken signature... no
big deal. Nobody should be rejecting on an invalid DKIM
signature, ever. If they do, their implementation is broken.

(Now, if you pull the concept that is SSP out of your
back pocket you might well be able to break DKIM in this
situation. But SSP is primarily an attempt to add the flaws
of SPF to DK, AFAICT, not a flaw in the DK/DKIM concept
itself.)


Cheers,
  Steve

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg