Charles Lindsey:
> On Wed, 28 Feb 2007 13:21:55 -0000, Hector Santos
> <hsantos(_at_)santronics(_dot_)com> wrote:
>
> > There are three basic outcomes with a message:
> >
> >    VALID SIGNATURE
> >    INVALID SIGNATURE
> >    NO SIGNATURE
>
> No, there are four basic outcomes with a message. You omitted
>
>    UNVERIFIABLE SIGNATURE
>
> which just happens to be the one that this thread is all about.

On a friendly internet with only cooperating parties, this might
make sense. But the world has changed. With today's internet it
would be a fundamental mistake to make more distinctions than:

    the signature was verified
    other

If the verifier gives different treatments to different types of
"other", then the bad guys will exploit the verifier's behavior.

The solution to the problem is not to complicate the protocol, but
to avoid the mistake of giving different treatments to different
types of "other".

Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
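
The point argued in the message above, as an added example that is not part of the original thread: an audit of a per-outcome policy table showing what it is worth when the sender, not the verifier, decides which non-verified outcome a message produces. The treatment names, their ranking and the sample policy are assumptions constructed for illustration; the outcome names are the ones used in the thread.

```python
from typing import NamedTuple

# Outcome names as written in the thread.
VERIFIED = "VALID SIGNATURE"
OTHER = ("INVALID SIGNATURE", "NO SIGNATURE", "UNVERIFIABLE SIGNATURE")

# Hypothetical treatments, ranked by how much they cost the sender.
STRICTNESS = {"deliver": 0, "tag": 1, "quarantine": 2, "reject": 3}


class Audit(NamedTuple):
    uniform: bool      # every non-verified outcome gets the same treatment
    effective: str     # treatment an unauthenticated sender actually receives
    softest: tuple     # outcome(s) that yield that treatment
    bypassed: tuple    # stricter outcomes such a sender simply avoids


def audit_policy(policy):
    """Evaluate a policy assuming the sender picks the non-verified outcome."""
    for outcome in (VERIFIED, *OTHER):
        if policy.get(outcome) not in STRICTNESS:
            raise ValueError(f"no known treatment for {outcome!r}")
    # Assumption: any "other" outcome can be produced at will, so the
    # mildest treatment among them is the one that applies in practice.
    effective = min((policy[o] for o in OTHER), key=STRICTNESS.__getitem__)
    softest = tuple(o for o in OTHER if policy[o] == effective)
    bypassed = tuple(o for o in OTHER if policy[o] != effective)
    return Audit(not bypassed, effective, softest, bypassed)


def collapse(policy, other_treatment):
    """Two-way policy: verified keeps its treatment, all else shares one."""
    if other_treatment not in STRICTNESS:
        raise ValueError(f"unknown treatment {other_treatment!r}")
    return {VERIFIED: policy[VERIFIED], **{o: other_treatment for o in OTHER}}


# Constructed sample policy that distinguishes between kinds of "other".
SPLIT_POLICY = {
    "VALID SIGNATURE": "deliver",
    "INVALID SIGNATURE": "reject",
    "NO SIGNATURE": "tag",
    "UNVERIFIABLE SIGNATURE": "deliver",
}

if __name__ == "__main__":
    print(audit_policy(SPLIT_POLICY))
    print(audit_policy(collapse(SPLIT_POLICY, "tag")))
```

With the split policy, the "reject" and "tag" rows never apply to a sender who chooses the outcome; after collapsing, the treatment the operator picked is the one every non-verified message gets.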