ietf-dkim

Re: [ietf-dkim] Can vendor's really say they have DKIM support yet?

2006-02-01 21:54:23

From: "Mark Delany" <MarkD+dkim(_at_)yahoo-inc(_dot_)com>


Also, from a "marketing" perspective, the question we used to get in
the early days of DK was "who else?". One expects the same with
DKIM. Pointing to players that are investing the effort and producing
product, albeit with the risk of change, strikes me as more positive
than negative.

This is necessary and hopefully testing within well-defined limited
settings, aka "ALPHA" mode.

But when you begin to use it in production mode, it places an impact and
burden equal or greater as well on others that you are presenting this new
information to.

One will argue, the t=y policy attribute can be used for testing:

   5.  Policy Syntax and Semantics

   t= A vertical-bar separated list of flags (plain-text; OPTIONAL,
      default is that no flags are set).  Flag values are:

      y  The entity is testing signing policy, and the verifier SHOULD
         NOT consider a message suspicious based on the record.

But as pointed out with a real-world example back on November 9, 2005:

     http://mipassoc.org/pipermail/ietf-dkim/2005q4/001323.html

This is a threat and exploit when Bad Actors use t=y to get around any
irregularity of their DKIM "emulations" in messages.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
ietf-dkim mailing list
http://dkim.org
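
The following is an added example, not part of the original message or of the DKIM draft: a sketch of a verifier that honours the quoted t=y rule but still counts, per domain, how often the flag suppressed a failure, so heavy reliance on it is visible. It assumes DKIM-style semicolon-separated tag=value record syntax; the `policy_violation` input, the verdict strings, and the sample records are constructed for illustration.

```python
# Added example; not code from the DKIM draft or from any list participant.
from collections import Counter


def parse_policy_flags(record):
    """Return the set of flags carried in the t= tag of a policy record.

    Assumes 'tag=value; tag=value' syntax. The t= value is a vertical-bar
    separated list; an absent t= tag means no flags are set.
    """
    flags = set()
    for part in record.split(";"):
        tag, sep, value = part.partition("=")
        if sep and tag.strip() == "t":
            flags = {f.strip() for f in value.split("|") if f.strip()}
    return flags


def assess(record, policy_violation):
    """Verdict reached when the verifier follows the t=y SHOULD NOT.

    policy_violation is the (hypothetical) outcome of the verifier's own
    signature and policy checks, computed elsewhere.
    """
    if not policy_violation:
        return "ok"
    if "y" in parse_policy_flags(record):
        # The record alone turns a failure into a non-event.
        return "violation-suppressed-by-testing-flag"
    return "suspicious"


# Constructed sample data: (sending domain, policy record, policy_violation)
SAMPLES = [
    ("example.com", "t=y", False),
    ("example.net", "", True),
    ("example.org", "t=y", True),
    ("example.org", "n=pilot; t = y | z", True),
]


def suppressed_by_domain(samples):
    """Count, per domain, violations that t=y kept from being flagged."""
    counts = Counter()
    for domain, record, violation in samples:
        if assess(record, violation) == "violation-suppressed-by-testing-flag":
            counts[domain] += 1
    return dict(counts)


if __name__ == "__main__":
    print(suppressed_by_domain(SAMPLES))
```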