On 28 Jul 2006, at 11:55 AM, John L wrote:
If you give your keys to untrustworthy third parties, all bets
are off. No amount of extra protocol goop is going to change that.
Scott has raised a different concern. An ISP may not restrict
what From is used when signing with the ISP's domain.
In what sense is an ISP who signs mail from random senders who
happen to forge your domain not an untrustworthy third party?
I would refer to them as an untrustworthy second party, myself.
It's kinda like saying what happens if the manager of the hotel
you're staying at gives the key to your room to someone else. Yes,
this is a problem. However, it's beyond the scope of the lockmaker.
Jon
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html