ietf-dkim

Re: [ietf-dkim] on the scope and necessity of threat analysis

2005-08-14 05:57:18
At 20:58 13-08-2005, Earl Hood wrote:
> This ties into my address-based versus domain-based forgery.  DKIM is
> domain-based, but as it exists now, it actually will facilitate
> address-based forgery.  This will hopefully be corrected in the next
> draft revisions, which has been noted in other discussion threads.

Will users be able to make the distinction that it is the domain being authenticated rather than the address? I don't think so. Signers should take this into account or else people will make use of this loophole for address-based forgeries.

> BTW, it may help to stop mentioning DKIM as an anti-spam measure,
> and only refer to it within the context of the problem it actually
> addresses: email identity forgery.  Of course, people will make
> inferences that DKIM is an anti-spam measure, but DKIM documents
> should not even mention spam.

I agree.

Regards,
-sm
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
