ietf-dkim

Re: [ietf-dkim] SSP security relies upon the visual domain appearance

2005-11-18 00:19:33

----- Original Message -----
From: "SM" <sm(_at_)resistor(_dot_)net>
To: "Stephen Farrell" <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie>; "Jeff Macdonald"

And can't the threats document (& later, whatever relevant spec) not
just say "don't do that" and thus avoid the problem?

The DKIM draft mentions:

   "Under no circumstances should an unsigned header field be displayed
    in any context that might be construed by the end user as having been
    signed."

It could be extended further:

The "From:" header should not be signed if it contains more than one
sending address.


Excellent point!!!!

This is logic that software can use. It doesn't have to sign the From: under
special situations.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
ietf-dkim mailing list
http://dkim.org
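
The rule proposed in this message, together with the draft text it quotes, sketched as an added example (not code from the thread or from any DKIM implementation). The header set `DEFAULT_SIGNED`, the function names and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import getaddresses

# Hypothetical default set of header fields a signer would cover.
DEFAULT_SIGNED = ["from", "to", "subject", "date"]

# Constructed sample From: values.
SINGLE = '"Doe, Jane" <jane@example.com>'            # one mailbox, comma in display name
MULTI = 'alice@example.com, Bob <bob@example.net>'   # two mailboxes


def count_mailboxes(from_value):
    """Count the mailboxes in a From: value with an RFC 2822-aware parser."""
    # getaddresses() honours quoted display names, so the comma inside
    # "Doe, Jane" is not mistaken for an address separator. A value that
    # does not parse yields an empty addr-spec and is not counted.
    return sum(1 for _name, addr in getaddresses([from_value]) if addr)


def headers_to_sign(from_value, candidates=DEFAULT_SIGNED):
    """Signer side: leave From: out of the signed set unless it holds
    exactly one sending address (the rule suggested in the thread)."""
    if count_mailboxes(from_value) == 1:
        return list(candidates)
    return [h for h in candidates if h != "from"]


def displayable_as_signed(header_name, signed_headers):
    """Verifier side of the quoted draft text: only a header field that
    the signature actually covers may be shown to the user as signed."""
    return header_name.lower() in {h.lower() for h in signed_headers}


if __name__ == "__main__":
    for value in (SINGLE, MULTI):
        signed = headers_to_sign(value)
        print(value, "->", signed,
              "| From shown as signed:", displayable_as_signed("From", signed))
```

Splitting the field on commas would count `SINGLE` as two addresses, which is why the decision goes through an address parser.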
