ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] SSP Responsibility Delegation - Security Concerns

2006-08-17 11:57:03
from [Michael Thomas] [Permanent Link] 
Scott Kitterman wrote:


On Thursday 17 August 2006 11:44, Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:

Big gaping hole, I may assume that isp.com can determine the
author/originator but how to differentiate or not sign a spoof?
It gets back to is the signer controlled or uncontrolled. Only a controlled signer is suitable for SSP delegation (this would be a contractual matter between the ISP and their customers).
If that's really the case, I'm not sure why this idea has any merit at all because 
we already have the means to do controlled delegation using NS records, and
it doesn't tickle any of these problems.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] SSP Responsibility Delegation - Security Concerns, Michael Thomas
Next by Date:  [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Dave Crocker
Previous by Thread:  Re: [ietf-dkim] SSP Responsibility Delegation - Security Concerns, Scott Kitterman
Next by Thread:  Re: [ietf-dkim] SSP Responsibility Delegation - Security Concerns, Jim Fenton
Indexes:  [Date] [Thread] [Top] [All Lists]