Re: [ietf-dkim] Re: making SSP useless in one short step

ietf-dkim

Re: [ietf-dkim] Re: making SSP useless in one short step

2007-12-05 15:28:28

John Levine wrote:

From: mike(_at_)mtcc(_dot_)com
DKIM-Signature: i=foo(_at_)hacker(_dot_)com;
Subject: phish is yummy

If you're going to say that this signature qualifies as acceptable for
the above SSP record, then you have created a security hole that renders
SSP utterly useless.


It rather depends on my opinion of hacker.com.  I agree that
signatures from unknown domains are uninteresting, something that's
the same with or without SSP.  But if I have reason to trust
hacker.com, I'm done, I'm not going to check anything else.


  Yes, but that should be outside of the scope of SSP. I think
  we are agreeing though even if it pains both of us :)

                Mike
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[ietf-dkim] Re: making SSP useless in one short step, (continued) [ietf-dkim] Re: making SSP useless in one short step, Michael Thomas Re: [ietf-dkim] Re: making SSP useless in one short step, Hector Santos Re: [ietf-dkim] Re: making SSP useless in one short step, Dave Crocker Re: [ietf-dkim] Re: making SSP useless in one short step, Scott Kitterman Re: [ietf-dkim] Re: making SSP useless in one short step, Arvel Hathcock [ietf-dkim] Putting away the SSP Crystal Ball, Patrick Peterson Re: [ietf-dkim] Putting away the SSP Crystal Ball, Dave Crocker Re: [ietf-dkim] Putting away the SSP Crystal Ball, Scott Kitterman [ietf-dkim] Does nobody or everybody want SSP?, Patrick Peterson Re: [ietf-dkim] Re: making SSP useless in one short step, John Levine Re: [ietf-dkim] Re: making SSP useless in one short step, Michael Thomas <= Re: [ietf-dkim] Re: making SSP useless in one short step, Arvel Hathcock [ietf-dkim] Issue #1512: Re: making SSP useless in one short step, Jim Fenton [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, Michael Thomas Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, John Levine Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, Dave Crocker Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, Arvel Hathcock Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, Jim Fenton Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, John L Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, Jeff Macdonald Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step, John L

Previous by Date:	Re: [ietf-dkim] making SSP useless in one short step, Scott Kitterman
Next by Date:	[ietf-dkim] [psg.com #1519] [Comment] SSP-01 Unnecessary constraint on i= when asserting "strict" // correction, Douglas Otis
Previous by Thread:	Re: [ietf-dkim] Re: making SSP useless in one short step, John Levine
Next by Thread:	Re: [ietf-dkim] Re: making SSP useless in one short step, Arvel Hathcock
Indexes:	[Date] [Thread] [Top] [All Lists]