Re: [ietf-dkim] Not exactly not a threat analysis

ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-15 15:14:31

BTW, you left out a key statement when quoting me
that qualifies my statement.  Mr. Otis mentioned "the
permitting the submission of the message."  However,
a DKIM signature can be generated by someone
else besides the originating domain, depending on OA
SSP policies.


Absolutely right.

Therefore, the signer may not be domain that initally
accepted message into the mail transport system.


Absolutely right again.

This type of signature claims a different type of
responsibility than, "the permitting the submission of
the message."


Absolutely right again!  This type of signature is saying "Look, this
message passed through my signing machine and the signature I affixed
attests to the message content I saw when I signed it."  This type of
signing identity can be used as an input to a filtering process but it can't
be assumed to be from the OA.  Am I wrong?

--
Arvel



_______________________________________________
ietf-dkim mailing list
&lt;http://dkim.org&gt;

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] Not exactly not a threat analysis, (continued) Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock Re: [ietf-dkim] Not exactly not a threat analysis, Jim Fenton Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch [ietf-dkim] Re: Not exactly not a threat analysis, Frank Ellermann Re: [ietf-dkim] Re: Not exactly not a threat analysis, Tony Finch Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock <= Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, SM Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis Re: [ietf-dkim] Not exactly not a threat analysis, John Levine Re: [ietf-dkim] Not exactly not a threat analysis, SM Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood

Previous by Date:	RE: [ietf-dkim] Not exactly not a threat analysis, James Scott
Next by Date:	Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood
Previous by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood
Next by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood
Indexes:	[Date] [Thread] [Top] [All Lists]