Jim Fenton wrote:
> As others have noted, bypassing SSP based on a valid signature from any
> arbitrary domain permits a trivial attack: attackers could sign
> messages using throw-away domains they control.

It's a shame we don't have an SSP threats analysis, so that this concern could
be placed in context.

The 'threat' that you are citing is for a signed message, which means that
there is a verifiable, accountable identity associated. That identity will
have a reputation.

It seems that concern for the attack that you cite needs to satisfy a couple
of preconditions:

1. Clear statement of what it is application of an SSP publication MUST
   achieve. Otherwise, we cannot evaluate failing to achieve through such an attack.

2. Explanation of the reason that having a verifiable, accountable identity is
   insufficient.

3. Consideration of the relative costs in protecting against this attack.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html