John Levine wrote:

From: mike(_at_)mtcc(_dot_)com
DKIM-Signature: i=foo(_at_)hacker(_dot_)com;
Subject: phish is yummy

If you're going to say that this signature qualifies as acceptable for
the above SSP record, then you have created a security hole that renders
SSP utterly useless.

It rather depends on my opinion of hacker.com. I agree that
signatures from unknown domains are uninteresting, something that's
the same with or without SSP. But if I have reason to trust
hacker.com, I'm done, I'm not going to check anything else.

Yes, but that should be outside of the scope of SSP. I think
we are agreeing though even if it pains both of us :)

Mike