ietf-dkim

[ietf-dkim] Re: draft-ietf-dkim-threats-00 Unreasonable estimate of impact from a highly probable exploit

2006-01-25 07:56:13
Douglas Otis wrote:

> 4.1.5.
>
> The Very High was used to make a point.  Just High would be
> fine.

Your point is clear.  What you say is that MONs shouldn't sign
mails if they have no MoU with the (final) MRN to protect this
signature.  Otherwise the bad guys abuse this signature in a
replay attack against the reputation of the MON.

And you say that the _impact_ is HIGH.  In addition to a HIGH
likelihood.  That sounds fairly serious, I'd be interested to
hear some other opinions about this.  Your proposed workaround
is a bit too esoteric for my tastes, and IFF your analysis is
correct that could be a showstopper.  Is the "likelihood HIGH"
maybe a bit exaggerated?

Bye, Frank


_______________________________________________
ietf-dkim mailing list
http://dkim.org