ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Re: dkim service and mail lists

2005-10-19 14:39:05
from [william(at)elan.net] [Permanent Link] 

On Wed, 19 Oct 2005, Michael Thomas wrote:


The only way to have the length specifier not be a security
vulnerability is to require all verifiers to strip all content that
exceeds the length.
Which is to say that today (eg, pre-DKIM), any inbound MTA ought to strip all content. 
Correct?


I'm surprised to hear that from you. I thought it was well understood
that we were talking about this only being done when signature is
present (and has been verified) that includes length and that length
does not match the actual message.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: dkim service and mail lists, Michael Thomas
Next by Date:  Re: [ietf-dkim] Re: dkim service and mail lists, Michael Thomas
Previous by Thread:  Re: [ietf-dkim] Re: dkim service and mail lists, Michael Thomas
Next by Thread:  Re: [ietf-dkim] Re: dkim service and mail lists, Michael Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]