[ietf-dkim] Re: Not exactly not a threat analysis

ietf-dkim

[ietf-dkim] Re: Not exactly not a threat analysis

2005-08-23 02:07:59

Tony Finch wrote:

Isn't the i= tag the new identity that Keith is asking for?


Checking the draft, i= is optional, must be below d=, it's not
required to match anything selected by h=, and it's a "verifier
policy issue" [XREF TBD] with the fine print.  

I'm not sure, but for Keith's idea the "signing entity" can at
least pick whatever header fields it likes in h=, that could
be From + Sender + Resent-From + Resent-Sender + List-Id or a
hypothetical Signed-From.  In Jim's example...

<http://article.gmane.org/gmane.ietf.dkim/374/raw>

...it was "only" From. Date, Subject, Content-*.  Signing the
Subject and the Content-Transfer-Encoding might be a bad idea,
and why not To and Cc ?
                        Bye, Frank


_______________________________________________
ietf-dkim mailing list
http://dkim.org

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] Not exactly not a threat analysis, (continued) Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Michael Thomas Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock Re: [ietf-dkim] Not exactly not a threat analysis, Jim Fenton Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, domainkeys-feedbackbase02 Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch [ietf-dkim] Re: Not exactly not a threat analysis, Frank Ellermann <= Re: [ietf-dkim] Re: Not exactly not a threat analysis, Tony Finch Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, Arvel Hathcock Re: [ietf-dkim] Not exactly not a threat analysis, Earl Hood Re: [ietf-dkim] Not exactly not a threat analysis, SM Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Keith Moore Re: [ietf-dkim] Not exactly not a threat analysis, Douglas Otis Re: [ietf-dkim] Not exactly not a threat analysis, John Levine

Previous by Date:	Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Douglas Otis
Next by Date:	Re: [ietf-dkim] Re: Not exactly not a threat analysis, Tony Finch
Previous by Thread:	Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch
Next by Thread:	Re: [ietf-dkim] Re: Not exactly not a threat analysis, Tony Finch
Indexes:	[Date] [Thread] [Top] [All Lists]