Steve Atkins wrote:
I recall two suggestions from there. Neither was considered in any
depth.
1. Domain forgery. That's not a "threat". It's an intermediate step, at
most.
2. Phishing.
And phishing has a rather rich terrain. Consideration of which specific
subset will be addressed (hmmm... pun?) by particular SSL features has not
been considered.
Comparing phishing examples of the From mailbox address, versus the remaining
array From display string, Subject line, body content, or use of cousin
domains ought to force rather careful statements of expected effect.
Equally, the references to choices made due to common user interface display
practices have not received analysis, other than the earlier discussions for
DKIM where we agreed not to factor human factors into the design, opting
instead for a focus on receive-side filter engine activity.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html