Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned me

ietf-dkim

Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages

2007-12-11 12:09:38

Dave Crocker wrote:



Jim Fenton wrote:

As others have noted, bypassing SSP based on a valid signature from any
arbitrary domain permits a trivial attack:  attackers could sign
messages using throw-away domains they control.

The 'threat' that you are citing is for a signed message,

> which means that there is a verifiable, accountable
> identity associated.  That identity will have a reputation.

What proof do you have to validates the assertion?

       "That identify will have a reputation."

How is "reputation" defined and how does the generalized network emailinfrastructure reach that conclusion without resorting to 3rd partyTrust Services?


--
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, (continued) Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, Dave Crocker [ietf-dkim] Re: NEW ISSUE: Limit the application of SSP to unsignedmessages, Frank Ellermann Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, Eliot Lear Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, Michael Thomas Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, Eliot Lear RE: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsignedmessages, Bill.Oxley Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsignedmessages, Tony Hansen Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, Michael Thomas Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages, Jim Fenton Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages, Dave Crocker Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages, Hector Santos <= Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages, Douglas Otis Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages, Douglas Otis [ietf-dkim] Re: Issue #1521: Limit the application of SSP to unsignedmessages, Frank Ellermann Re: [ietf-dkim] Re: Issue #1521: Limit the application of SSP to unsignedmessages, Michael Thomas

Previous by Date:	Re: [ietf-dkim] NEW ISSUE: Restriction to posting by first Author breaks email semantics, Mark Martinec
Next by Date:	[ietf-dkim] Re: Issue #1521: Limit the application of SSP to unsignedmessages, Frank Ellermann
Previous by Thread:	Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages, Dave Crocker
Next by Thread:	Re: [ietf-dkim] Issue #1521: Limit the application of SSP to unsigned messages, Douglas Otis
Indexes:	[Date] [Thread] [Top] [All Lists]