Re: [ietf-dkim] Not exactly not a threat analysis

ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-15 14:50:31

Earl Hood wrote:

On August 15, 2005 at 15:49, "Arvel Hathcock" wrote:
DKIM either needs stronger binding semantics, or
it needs to limit when signing can be done.
I think DKIM deals with this correctly right now. Binding to theRFC2822.From header is not required BUT when it's missing an SSP check isperformed to discover and enforce the wishes of the domain owner.
IIRC, an SSP check is done against the "Originator Address".  This is
either the rfc2822.from or rfc2822.sender.


That's not correct. It's only From.

                Mike
_______________________________________________
ietf-dkim mailing list
&lt;http://dkim.org&gt;

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[ietf-dkim] semantics of message signing, (continued) [ietf-dkim] semantics of message signing, Keith Moore Re: [ietf-dkim] semantics of message signing, Jim Fenton Re: [ietf-dkim] Not exactly not a threat analysis, Hector Santos Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, SM Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis Re: [ietf-dkim] Not exactly not a threat analysis, SM Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas <= Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock Re: [ietf-dkim] Not exactly not a threat analysis, Jim Fenton Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch [ietf-dkim] Re: Not exactly not a threat analysis, Frank Ellermann Re: [ietf-dkim] Re: Not exactly not a threat analysis, Tony Finch

Previous by Date:	Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood
Next by Date:	Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas
Previous by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood
Next by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood
Indexes:	[Date] [Thread] [Top] [All Lists]