ietf-dkim

Re: Additional lookups (was Re: [ietf-dkim] Re: 1368 straw-poll)

2007-03-01 19:04:29
Hector Santos:
> Wietse Venema wrote:
>
> > If the verifier gives different treatments to different types of
> > "other", then the bad guys will exploit the verifier's behavior.
>
> Applying equal treatment should be done across the board, the valid and
> invalid, not just for the so-called "elite" messages.
>
> It is with the exceptions and relaxed provisions where exploitation will
> take place, the FSUSP (FAILED SIGNATURE UNSIGNED STATUS PROMOTION) is
> one of them.

Perhaps I wasn't clear enough.

When a DKIM verifier gives unequal treatment to any of the following:

- no signature
- broken signature
- unsupported signature
- other failure

Then the bad guys will send their forged mail in the way that receives
the most favorable treatment.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
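
The equal-treatment point in the message above, as an added example that is not part of the original message or of any DKIM implementation: a Python sketch that sorts a message into the four outcomes Wietse lists and checks a verifier policy for differences among them. The function names, treatment labels, supported-algorithm set and sample header are assumptions constructed for illustration; the cryptographic check itself is assumed to happen elsewhere.

```python
# Added illustration: names and treatment labels are assumptions, not from the thread.
from collections import defaultdict

# The four non-passing outcomes listed in the message.
NON_PASS = ("no signature", "broken signature", "unsupported signature", "other failure")
SUPPORTED_ALGS = {"rsa-sha1", "rsa-sha256"}  # what this hypothetical verifier implements
REQUIRED_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}  # tags a DKIM-Signature must carry

# Constructed sample header value (not a real signature).
SAMPLE = "v=1; a=rsa-sha256; d=example.org; s=sel;\r\n h=from:to; bh=AAAA; b=BBBB=="


def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")  # first '=' only; base64 padding survives
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def classify(sig_header, crypto_ok):
    """Return 'pass' or one of NON_PASS.

    sig_header: DKIM-Signature value, or None when the message is unsigned.
    crypto_ok:  outcome of the cryptographic verification (done elsewhere).
    """
    if sig_header is None:
        return "no signature"
    tags = parse_tags(sig_header)
    if not REQUIRED_TAGS <= tags.keys():
        return "other failure"  # malformed: a required tag is missing
    if tags["v"] != "1" or tags["a"] not in SUPPORTED_ALGS:
        return "unsupported signature"
    return "pass" if crypto_ok else "broken signature"


def unequal_treatment(policy):
    """Return {treatment: [outcomes]} when NON_PASS outcomes differ, else {}."""
    groups = defaultdict(list)
    for outcome in NON_PASS:
        groups[policy[outcome]].append(outcome)
    return dict(groups) if len(groups) > 1 else {}


# Constructed policies mapping each outcome to a treatment label.
UNIFORM = {"pass": "signed", **{o: "unsigned" for o in NON_PASS}}
SKEWED = {**UNIFORM, "broken signature": "reject"}
```

A non-empty result from `unequal_treatment` names the outcome classes that a sender can choose between, which is the condition the message warns about.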
