ietf-dkim

Re: [ietf-dkim] New Requirements: SSP must offer Highest Protection Possible

2006-08-02 08:11:45
Stephen Farrell wrote:

> > How would this Exclusive (I am the only one to sign) SSP policy DoS work and
> > if so, why would not there be a defense?
>
> Right now, I'd mostly be concerned about the accidental DoS
> where some intermediary also signs. However, I guess if
> someone could control mail routing from one of the outbound
> (untrusted) MTAs then they could send the mail via an innocent
> signer in order to affect the mail, without being easily blamed.
> I guess if you could bring down some connection then you
> might be able to get mail re-routed from outside.

I don't think this is an entirely far-fetched scenario either: suppose
that the receiving domain as a matter of course signed everything
incoming as sort of an authenticated received header function. In
that case it would always fail even in a supposed "point-to-point"
mode. I'm guessing that's probably not what the sender had in mind.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
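
The receiver-signs-everything case from the message above, as an added example that is not part of the original thread: a small model of an "exclusive" check over the `d=` tags of a message's DKIM-Signature fields. The function names, the `ignore` parameter (a verifier discounting signatures its own domain added) and the sample messages are assumptions made for illustration; signatures are treated as already verified.

```python
from email import message_from_string
from email.utils import parseaddr

def signing_domains(msg):
    """Return the d= domain of every DKIM-Signature header field, in order."""
    domains = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            name, sep, val = part.partition("=")
            if sep:
                tags[name.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            domains.append(tags["d"].lower())
    return domains

def evaluate_exclusive(raw, ignore=frozenset()):
    """Hypothetical 'exclusive' check: only the author domain may have signed.
    Every signature present is assumed to verify; no cryptography is done here."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = [d for d in signing_domains(msg) if d not in ignore]
    if author not in signers:
        return "fail: no author-domain signature"
    extra = sorted(set(signers) - {author})
    if extra:
        return "fail: also signed by " + ", ".join(extra)
    return "pass"

# Constructed sample messages; bh=/b= values are placeholders.
AUTHOR_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
              " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n")
RECEIVER_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=receiver.example.org; s=in;\n"
                " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n")
REST = "From: Alice <alice@example.com>\nSubject: test\n\nhello\n"

DIRECT = AUTHOR_SIG + REST                     # point-to-point, author signature only
RECEIVER_SIGNED = RECEIVER_SIG + AUTHOR_SIG + REST  # receiving domain signed on ingress

if __name__ == "__main__":
    print(evaluate_exclusive(DIRECT))
    print(evaluate_exclusive(RECEIVER_SIGNED))
    print(evaluate_exclusive(RECEIVER_SIGNED, ignore={"receiver.example.org"}))
```
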