Re: [ietf-dkim] Not exactly not a threat analysis

On August 17, 2005 at 08:26, Michael Thomas wrote:

PS: as I said, take a look at l= and z= and their implications
     for mailing lists.


l= is a massive security problem.  If you are relying on it, then
you are relying on a exploitable aspect of DKIM.  How verifiers
deal with l= either needs to be revised or this tag needs to
be dropped.

As for z=, the draft states that z= data should not be part
of validation.

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] Not exactly not a threat analysis, (continued) Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, John Levine Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Exactly not a threat analysis, John R Levine Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood <= Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Jim Fenton Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Dave Crocker