Dave Crocker wrote:
Jim Fenton wrote:
As others have noted, bypassing SSP based on a valid signature from any
arbitrary domain permits a trivial attack: attackers could sign
messages using throw-away domains they control.
The 'threat' that you are citing is for a signed message,
> which means that there is a verifiable, accountable
> identity associated. That identity will have a reputation.
What proof do you have to validates the assertion?
"That identify will have a reputation."
How is "reputation" defined and how does the generalized network email
infrastructure reach that conclusion without resorting to 3rd party
Trust Services?
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html