ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Re: making SSP useless in one short step

2007-12-05 14:29:23
from [John Levine] [Permanent Link] 
From: mike(_at_)mtcc(_dot_)com
DKIM-Signature: i=foo(_at_)hacker(_dot_)com;
Subject: phish is yummy

If you're going to say that this signature qualifies as acceptable for
the above SSP record, then you have created a security hole that renders
SSP utterly useless.


It rather depends on my opinion of hacker.com.  I agree that
signatures from unknown domains are uninteresting, something that's
the same with or without SSP.  But if I have reason to trust
hacker.com, I'm done, I'm not going to check anything else.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Mailing lists as 2822-Sender (was: Responsibility vs. Validity), Hector Santos
Next by Date:  Re: [ietf-dkim] Mailing lists as 2822-Sender (was: Responsibility vs. Validity), Hector Santos
Previous by Thread:  [ietf-dkim] Does nobody or everybody want SSP?, Patrick Peterson
Next by Thread:  Re: [ietf-dkim] Re: making SSP useless in one short step, Michael Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]