ietf-dkim

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-31 10:58:47

Bill,


Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
> The hacker does not need access to my zone, he just attaches a lookalike
> header yes " And to have *any* rule that allows bypass of defense
> based upon the receipt of a header from outside your control is
> extremely dangerous." But folks will do it anyway

By "lookalike" do you mean social engineering with a related name string, such as citibank.com vs. c1t1bank.com, or do you mean something else?

If something else, please elaborate.

On the other hand, if you mean the name confusion thing, I would guess that that is entirely out of the scope for this working group, since it really pertains to reputation mechanisms, associations between domain names and brands, etc.

d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org
