ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-17 23:57:57
from [SM] [Permanent Link] 
Hi,
At 14:25 17-11-2005, Stephen Farrell wrote:

And can't the threats document (& later, whatever relevant spec) not
just say "don't do that" and thus avoid the problem?


The DKIM draft mentions:

  "Under no circumstances should an unsigned header field be displayed
   in any context that might be construed by the end user as having been
   signed."

It could be extended further:
The "From:" header should not be signed if it contains more than one sending address. 

Regards,
-sm

_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Hector Santos
Next by Date:  Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Hector Santos
Previous by Thread:  Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Stephen Farrell
Next by Thread:  Re: [ietf-dkim] SSP security relies upon the visual domain appearance, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]