ietf-dkim
[Top] [All Lists]

RE: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-31 11:35:36
A dkim compliant mta will do a dip on my dns records and find no ssp
or
dk record and drop the message as non compliant.

if the signature succeeds, why do they need to check ssp?

I was making an assumption that if it's the first time cox.com has hit
that mta they would get the values for both public key and ssp to cache
them locally. If a subsequent message fails cached info then a re-dip of
the zone records would either reflect new correct values or be the same
as the currently cached records and fail signature processing. I would
think that keeping a local cache would speed things up.

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 



_______________________________________________
ietf-dkim mailing list
http://dkim.org

<Prev in Thread] Current Thread [Next in Thread>
  • RE: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks, Bill.Oxley <=