ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-16 19:28:10
Earl Hood wrote:
On August 16, 2005 at 14:50, Michael Thomas wrote:
DKIM has the ability to do this now via multiple signatures
in the same message. My implementation allows for it, in
fact.

If a signer wants to include an existing signature
field, signature fields should have a clear identification capability
so a verifier can easily determine each field when multiple exist.

Huh? All you'd need to do is add the DKIM-Signature to the h=
list just like any other header.

For my part, I think that the From address is about the only
thing that that anybody pays regular attention to,


Not if it is spam.  Spam may have changed how people interpret From.
The only time From is relied upon is if the receipient sees that the
content of the message is matches with what they expect from From.

As well they should... which is rather the problem at hand, no?

Side comment: It is worth noting that more younger people are moving
to instant message style services for communication over email (email
is considered to be for "older" people).  Email should not become a
poor man's IM.  It has certain semantics (that many do not utilize,
but others do) that are important.

As if all of these problems won't resurface with SPIM and SPIT.
It's rather important, IMO, to get an existence proof that
_anything_ identity-wise works for the non-walled garden.

                Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org