On 2006-03-14 20:48, Douglas Otis wrote:
As other avenues close, the Signing-Domain's Administrative Unit
represents a primary area of concern not properly considered in the
threat draft.
As an intellectual exercise I'll translate each of these into shorter
pitches, appropriate for yelling semi-anonymously from the back of room
during IETF meetings (I won't be in Dallas, so feel free to yell any of
these on my behalf if you should feel so inclined.)
1) Access in the Signing-Domain's Administrative Unit
Somebody inside your network can do bad things inside your network!
2) Chosen Message Replay (High impact)
An edge case that we've known about since day 0 is still an edge case!
3) Increased Threats Due to Expedient Assessments (Why replay abuse
has a HIGH impact)
Edge cases in SPF might reveal obscure problems with DNS! (What does
this have to do with DKIM? Never mind, I don't want to know.)
4) Risks of Confusion Using Sub-domains
Users are confused by things they don't understand!
5) Preventing Spoofs from Untrusted Sources (Signing roles needed)
Bad MUA design is bad!
--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Communications Platform Team
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html