On Thu, 8 Nov 2007, Hector Santos wrote:
> Attackers will be able to create a FAILED facsimile of a primary domain
> DKIM complete message and as long as the primary has a t=y policy, the
> attackers need not worry about HASH PERFECTION - it just randomly
> creates a signature with a junk hash because the t=y will promote an
> IGNORE FAILURE concept.

OK so in fact the complaint is "t=y is dangerous", not "a hacker could
insert t=y into someone's policy" (which is what you originally said).
There are other people here who can debate that as well as or better than
I, so I'll yield.
In sticking to the Subject: of this thread, no, this was not discussed at
the Interop event. SSP was determined early on to be out-of-scope for our
tests. We were focusing only on RFC4871 itself.
It was felt, though, that SSP might be the subject of a future Interop
event once the draft has become an RFC (or, perhaps, multiple proposals
are available).
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html