Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decisio

ietf-dkim

Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision

2006-08-22 17:09:37

from [Damon]

But there is a residual problem.  Suppose jdoe(_at_)mipassoc(_dot_)org is a
subscriber to this list and someone spoofs a message from
jdoe(_at_)mipassoc(_dot_)org to the list.  ietf-dkim(_at_)mipassoc(_dot_)org 
accepts the
message and sends it to isp.com, their Authorized Signing Domain, and it
is signed and sent.  Is the signature from jdoe (the author) or
ietf-dkim (the mailing list)?  Without Authorized Signing Domains, you
could tell by looking at the local-part of i=.  But now you can't.  I
think this is an important distinction, even if it only applies in a
subset of use cases.

-Jim


Should mailing lists sign messages?
If they did, wouldn't it be a 3rd party sig?
If we were able to say "No third party can sign for me" it would stop the spoof.

Regards,
Damon Sauer
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] Delegating responsibility: a make vs. buy designdecision, (continued) Message not available Re: [ietf-dkim] Delegating responsibility: a make vs. buy designdecision, Hector Santos Message not available Re: [ietf-dkim] Delegating responsibility: a make vs. buy designdecision, Hector Santos Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Scott Kitterman Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Michael Thomas Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Scott Kitterman Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Michael Thomas Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Scott Kitterman Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Jim Fenton Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Scott Kitterman Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Jim Fenton Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Damon <= Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Graham Murray Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Jim Fenton Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Scott Kitterman Re: [ietf-dkim] Delegating responsibility: a make vs. buy designdecision, Hector Santos Re: [ietf-dkim] Delegating responsibility: a make vs. buy designdecision, Hector Santos [ietf-dkim] Where to look for the signing practice, Jim Fenton [ietf-dkim] Re: Where to look for the signing practice, Scott Kitterman [ietf-dkim] Re: Where to look for the signing practice, Hector Santos RE: [ietf-dkim] Delegating responsibility: a make vs. buy designdecision, Bill.Oxley Re: [ietf-dkim] Delegating responsibility: a make vs. buy designdecision, Scott Kitterman

Previous by Date:	Re: [ietf-dkim] Bayesian filters are the pits, J.D. Falk
Next by Date:	Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Damon
Previous by Thread:	Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Jim Fenton
Next by Thread:	Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision, Graham Murray
Indexes:	[Date] [Thread] [Top] [All Lists]