Douglas Otis wrote:
On Aug 16, 2006, at 2:01 PM, Jim Fenton wrote:
Now suppose that isp.net also hosts some mailing lists. An attacker
spoofs a message from user(_at_)author(_dot_)com to some mailing list which
will
accept a message from that address. The mailing-list re-signs its
messages by applying a signature from isp.net. The verifier will
look at this signature and incorrectly conclude that it's a
first-party signature, while in fact it's a third-party signature on
behalf of the list.
There are many cases where a bad actor could spoof an
user(_at_)author(_dot_)com
address sent from isp.net. When isp.net does not use account specific
authentication, or ensure that email-addresses are permitted only
after a verification of the account being able to receive at that
email-address, then these would be other cases where a problem could
exist.
What you're describing are all things that isp.net could do by using the
right protocols, e.g., authenticated submission. What I'm describing is
a weakness in the protocol that can't be fixed that way.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html