Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Dow



Charles Lindsey wrote:
[big snip describing use of Magic s/w]

And then you have sufficient
information to decide whether it had failed because your Magic software
was inadequate, or because it was a bogus signature from a spammer.

Q.E.D.


Not quite. Whatever policy anyone publishes is public. Any spammer
can always replicate everything correctly with the exception of
the signature bits and thus create a message that appears to adhere
to policy but with a broken signature.

Seems to me that that's a *very* good reason to ignore the entire
FAILed signature and not to use any supposedly Magic s/w.

What have I missed?

Stephen.
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, (continued) Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Jon Callas Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, John Levine Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Charles Lindsey 1368 straw-poll : (was: Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks), Stephen Farrell [ietf-dkim] Re: 1368 straw-poll :, Michael Thomas Message not available [ietf-dkim] Re: 1368 straw-poll :, Michael Thomas Re: 1368 straw-poll : (was: Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks), Jon Callas Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Michael Thomas Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, John Levine Message not available Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Charles Lindsey Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Stephen Farrell <= Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Charles Lindsey Message not available Message not available Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Charles Lindsey Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Michael Thomas RE: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Hallam-Baker, Phillip RE: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Hallam-Baker, Phillip Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Michael Thomas Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Arvel Hathcock Re: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Arvel Hathcock RE: [ietf-dkim] Deployment Scenario 7: Cryptographic Upgrade and Downgrade Attacks, Hallam-Baker, Phillip

Re: [ietf-dkim] Deployment Non-Scenario 7: Cryptographic Upgrade and Downgrade Attacks