ietf-dkim

Re: Additional lookups (was Re: [ietf-dkim] Re: 1368 straw-poll)

2007-03-01 19:56:59
On Thursday 01 March 2007 21:00, Wietse Venema wrote:
> Hector Santos:
> > Wietse Venema wrote:
> > > If the verifier gives different treatments to different types of
> > > "other", then the bad guys will exploit the verifier's behavior.
> >
> > Applying equal treatment should be done across the board, the valid and
> > invalid, not just for the so-called "elite" messages.
> >
> > It is with the exceptions and relaxed provisions where exploitation will
> > take place, the FSUSP (FAILED SIGNATURE UNSIGNED STATUS PROMOTION) is
> > one of them.
>
> Perhaps I wasn't clear enough.
>
> When a DKIM verifier gives unequal treatment to any of the following:
>
> - no signature
> - broken signature
> - unsupported signature
> - other failure
>
> Then the bad guys will send their forged mail in the way that receives
> the most favorable treatment.

Absolutely +1.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
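
The point made in the thread above, as an added example that is not part of the original messages: a check that a verifier's policy treats the four listed non-pass outcomes identically. The penalty-score model, the function names `audit` and `equalize`, and the sample table are assumptions constructed for illustration.

```python
from typing import Dict, List

# The four non-pass outcomes listed in the message above.
NON_PASS = ("no signature", "broken signature",
            "unsupported signature", "other failure")


def audit(policy: Dict[str, int]) -> List[str]:
    """Return non-pass outcomes scored more leniently than the strictest one.

    `policy` maps an outcome to the penalty added to a message's spam
    score (hypothetical model; higher means harsher treatment).
    An empty list means every non-pass outcome is treated equally.
    """
    missing = [o for o in NON_PASS if o not in policy]
    if missing:
        # An outcome with no entry would fall through to some default,
        # which is itself a distinct treatment, so refuse to guess.
        raise ValueError(f"policy has no entry for: {missing}")
    strictest = max(policy[o] for o in NON_PASS)
    lenient = [o for o in NON_PASS if policy[o] < strictest]
    # Most favourable treatment first: that is the gap to close first.
    return sorted(lenient, key=lambda o: policy[o])


def equalize(policy: Dict[str, int],
             baseline: str = "no signature") -> Dict[str, int]:
    """Return a copy in which all non-pass outcomes get the baseline penalty."""
    fixed = dict(policy)
    for outcome in NON_PASS:
        fixed[outcome] = policy[baseline]
    return fixed


# Constructed sample policy with unequal treatment of non-pass outcomes.
UNEQUAL = {"pass": 0, "no signature": 2, "broken signature": 5,
           "unsupported signature": 1, "other failure": 5}

if __name__ == "__main__":
    print("lenient outcomes:", audit(UNEQUAL))
    print("after equalize:  ", audit(equalize(UNEQUAL)))
```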