ietf-dkim
[Top] [All Lists]

[ietf-dkim] Re: Collection of use cases for SSP requirements

2006-11-13 13:06:21
Charles Lindsey wrote:

you have to define a communication protocol to convey this
information from the verifier/whitelist-looker-up/whatever
to the MUA that the Bad Guys cannot spoof.

Yes, that point is hidden near the end of the WG Charter:

| Once the primary goals are met, the DKIM working group may
| also study whether to adopt a work item for specifying a
| common mechanism to communicate the results of message
| verification to the message recipient. The generation of a
| standards-track specification on this topic will require an
| update to the DKIM working group charter.

One proposal in that direction is
http://www3.tools.ietf.org/html/draft-kucherawy-sender-auth-header

It can't go in the body, because I read all my mail as plain
text, and drop HTML on sight as being sure evidence of spam.

You might miss some interesting articles on mailing lists with
that strategy.  Admittedly I do press Del very fast if it uses
some less than 8 points font in blue "style" (with font-tags,
I won't see similar CSS-follies).

You can't do it in the headers, because Bad Guys can write
headers too.

They have serious difficulties to add their forgeries _above_
the timestamp line of your favourite DKIM-verifier.

Frank


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>