Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc.
2006-03-16 10:31:21
Michael Thomas wrote:
John L wrote:
We are concerned about phishing attacks against Cisco employees via
spoofs purporting to come from Cisco itself.
Oh, OK, then your trusted signer list includes cisco.com.
Not really, unless you consider SSP to be a "trusted signer list".
1. SSP is not in the base specification
2. SSP is not a stable specification.
So, citing SSP as if it were somehow an authority for this issue is both
formally and technical inappropriate. Formally because you are treating it as
basic law when it is neither basic nor law. Technically because that aspect of
SSP really is defining special semantics for certain domains, and *that* is most
certainly defining a list.
Mail from this list won't validate, you know, and I doubt that many
others will, but I know I'm not going to make any headway in that
direction.
Every piece of mail I've sent this morning has validated. Really.
Given that this mailing list messes with the Subject line, a successful
validation requires implementing mechanism that goes far beyond the
specification. That that enhancement might be useful is not the point. The
point that it is not in the wg spec.
In any event, Cisco will have to decide whether the actual cost of
forbidding their employees to participate in lists that break
signatures outweighs the theoretical benefits of blocking list-borne
phishes. If it does, you might consider adding known well-behaved
list hosts to your trusted signer list. I suspect you won't have to
compile that list on your own, since we all plan to add them to our
lists, too.
We have no "trusted signer list". And we're not forbidding anything,
though other companies may and not blink an eye.
Your description of the handling of signatures and non-signatures for messages
having rfc2822.From addresses containing cisco.com is a wonderfully classic,
functional definition of a trusted signer list.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., (continued)
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Dave Crocker
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Barry Leiba
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Arvel Hathcock
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., william(at)elan.net
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., John Levine
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Hector Santos
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Tony Hansen
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Michael Thomas
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Tony Hansen
- Re: [ietf-dkim] Re: Concerns about DKIM and mailiing lists, etc., Dave Crocker
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc.,
Dave Crocker <=
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc., John Levine
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc., Michael Thomas
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc., Douglas Otis
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, etc., John Levine
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Mark Delany
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Hector Santos
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Barry Leiba
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Dave Crocker
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Michael Thomas
- Re: [ietf-dkim] Concerns about DKIM and mailiing lists, Dave Crocker
|
|
|