Wietse Venema wrote:
> If the verifier gives different treatments to different types of
> "other", then the bad guys will exploit the verifier's behavior.
Applying equal treatment should be done across the board, for the valid and
the invalid, not just for the so-called "elite" messages.
It is in the exceptions and relaxed provisions where exploitation will
take place; the FSUSP (FAILED SIGNATURE UNSIGNED STATUS PROMOTION) is
one of them.
Of course, this was pointed out to the Yahoo guy in a similar thread
last year, where verifiers might give different "reputation" treatments
to valid DKIM messages. This will also have the same exploitation factor:
XYZ domain signs up with ABC Reputation house, and XYZ domain is now
spoofed everywhere else due to its "credentials."
--
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html