ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-09 21:22:47
from [John Levine] [Permanent Link] 
IMHO, if no SSP records is defined for the OA, then messages from
the OA must be considered to never be signed, and any signed message
should be considered suspicious.


I see why you might want to mandate that any domain that publishes
dkim keys also must publish SSP records, but it doesn't feel to me
like the rest of the group is ready to do that.

R's,
John

_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Design approach to MASS (was Re: [ietf-dkim] On per-user-keying), Earl Hood
Next by Date:  Re: [ietf-dkim] On per-user-keying, John Levine
Previous by Thread:  [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Earl Hood
Next by Thread:  Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record doesnot exist?, Arvel Hathcock
Indexes:  [Date] [Thread] [Top] [All Lists]