ietf-dkim

Re: MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues

2007-06-07 08:20:57
No, this doesn't change the semantics of DKIM-BASE.  The DKIM-Base
"ignore failures" philosophy is basically "an invalid signature is
exactly the same as no signature at all:  no better and no worse."  What
we're talking about is how the missing/invalid signature case is handled.

-Jim

The document already covers this case. It assumes that anyone doing so
must be a bad actor. Says nothing about good players doing it on
purpose :-)


8.7.  Intentionally Malformed Key Records

 It is possible for an attacker to publish key records in DNS that are
 intentionally malformed, with the intent of causing a denial-of-
 service attack on a non-robust verifier implementation.  The attacker
 could then cause a verifier to read the malformed key record by
 sending a message to one of its users referencing the malformed
 record in a (not necessarily valid) signature.  Verifiers MUST
 thoroughly verify all key records retrieved from the DNS and be
 robust against intentionally as well as unintentionally malformed key
 records.

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
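
Section 8.7, quoted in the message above, requires verifiers to be robust against malformed key records. The following is an added example, not part of the original message or of the DKIM specification: a defensive parser for a key record TXT string that reports every malformed record the same way as a missing one. The length cap, the function names and the restriction to RSA keys are assumptions of this example, and the sample record is constructed.

```python
import base64
import re

MAX_RECORD_LEN = 4096  # assumed cap for this example
TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")
# Constructed sample record; the key bytes are placeholder data, not a real key.
SAMPLE = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"constructed sample key").decode()

class KeyRecordError(ValueError):
    """The record is unusable; the caller treats the signature as absent."""

def parse_key_record(txt):
    """Return the decoded p= bytes, or raise KeyRecordError."""
    if len(txt) > MAX_RECORD_LEN:
        raise KeyRecordError("record too long")
    parts = txt.split(";")
    if not parts[-1].strip():
        parts.pop()  # a single trailing ';' is allowed
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not TAG_NAME.match(name):
            raise KeyRecordError("malformed tag")
        if name in tags:
            raise KeyRecordError("duplicate tag")
        if name == "v" and tags:
            raise KeyRecordError("v= must come first")
        tags[name] = value
    if tags.get("v", "DKIM1") != "DKIM1":
        raise KeyRecordError("unsupported version")
    if tags.get("k", "rsa") != "rsa":  # this example handles RSA only
        raise KeyRecordError("unsupported key type")
    p = re.sub(r"\s+", "", tags.get("p", ""))
    if not p:
        raise KeyRecordError("missing or revoked key")
    try:
        return base64.b64decode(p, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise KeyRecordError("p= is not valid base64") from None

def usable_key(txt):
    """A malformed record and an absent record look the same to the caller."""
    try:
        return parse_key_record(txt)
    except KeyRecordError:
        return None
```

The decoded bytes still have to be parsed as a public key by the crypto library, and a failure there should be handled the same way as a `KeyRecordError`.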
