ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-31 11:36:58
from [Dave Crocker] [Permanent Link] 



The non dkim compliant mta who hasn't deployed dkim yet or knowing much
about it places a rule stating that signed messages should be allowed to
travel inbound without further checking because dkim is new and safe.
non-dkim compliant, but nonetheless makes a policy decision based on the presence -- and not even the validity -- of a signature?
that sort of receive-side behavior seems sufficiently misguided that I can't imagine a need to protect against it by our work. 



A dkim compliant mta will do a dip on my dns records and find no ssp or
dk record and drop the message as non compliant.


if the signature succeeds, why do they need to check ssp?

d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks, Bill.Oxley
Next by Date:  Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks, Steve Atkins
Previous by Thread:  RE: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks, Bill.Oxley
Next by Thread:  the Internet is inherently insecure (Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks), J.D. Falk
Indexes:  [Date] [Thread] [Top] [All Lists]