ietf-dkim

Re: [ietf-dkim] New issue: base-00 3.5 x= (was: testing Message Corpus& question for base spec)

2006-02-11 13:50:00
On Sat, 2006-02-11 at 14:51 -0500, Hector Santos wrote:

> I personally don't have a problem with a change to "SHOULD" or "MAY"
> recommendation, but rest assured, this (bad expiration) will be one
> of many guaranteed forms of exploitation.  So a relaxation should be
> coupled with hindsight about the highly probable consequences of
> passing the buck of bad or expired keys to the user.

An expiry that is too brief may also be used as a type of exploitation.
A bad actor knows that a domain checks DKIM at both the backup MTA and
at the MDA.  The bad actor uses a mis-directed return-path and an expiry
that is too short and sure to be caught by the MDA.  The DSN thereby
generated would be expected to damage the signature.  Perhaps an expiry
exploit could be used to get the victim to wonder how they sent a signed
message containing that hot stock tip. 

-Doug 
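As an added illustration (not code from this thread or from any DKIM implementation), a small verifier-side check of the x= tag that reports "expired" as an outcome distinct from a cryptographic failure, evaluated at two verification points (backup MTA, then MDA) against a constructed DKIM-Signature tag list; the header values, the placeholder b=/bh= fields and the choice to treat the expiry instant itself as expired are assumptions.

```python
import re
from typing import Dict, Tuple

# Constructed DKIM-Signature value (not taken from the thread). Only t= and
# x= matter here; bh= and b= are placeholders, not real digests/signatures.
# t= is the signing time, x= is 60 seconds later.
CONSTRUCTED_HEADER = (
    "v=1; a=rsa-sha256; d=example.com; s=sel; c=relaxed/simple;"
    " h=from:to:subject:date; t=1139666400; x=1139666460;"
    " bh=PLACEHOLDER; b=PLACEHOLDER"
)


def parse_tag_list(value: str) -> Dict[str, str]:
    """Split a DKIM tag=value list on ';', dropping folding whitespace."""
    tags: Dict[str, str] = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        name, _, val = item.partition("=")
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = re.sub(r"\s+", "", val)  # whitespace in values is ignorable
    return tags


def expiry_status(tags: Dict[str, str], now: int) -> str:
    """Classify the x= window at Unix time `now`.

    Returns 'no-expiry', 'malformed', 'expired' or 'live'. Keeping 'expired'
    separate from a signature-verification failure lets a verifier at the MDA
    distinguish a short x= from a message damaged in transit (e.g. by a DSN).
    """
    x = tags.get("x")
    if x is None:
        return "no-expiry"
    t = tags.get("t")
    if not x.isdigit() or (t is not None and not t.isdigit()):
        return "malformed"
    if t is not None and int(x) <= int(t):
        return "malformed"  # expiry must lie after the signing time
    return "expired" if now >= int(x) else "live"  # assumption: x= itself counts as expired


def two_hop_results(header: str, backup_mta_time: int, mda_time: int) -> Tuple[str, str]:
    """Same signature checked first at the backup MTA, then later at the MDA."""
    tags = parse_tag_list(header)
    return expiry_status(tags, backup_mta_time), expiry_status(tags, mda_time)
```

With the constructed 60-second window, a check 30 seconds after signing passes while one 120 seconds after signing reports "expired", which is the gap between hops the message above describes.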


_______________________________________________
NOTE WELL: This list operates according to 
http://dkim.org/ietf-list-rules.html
