On Wed, 16 Jan 2008 18:56:35 -0000, J D Falk <jdfalk(_at_)returnpath(_dot_)net>
wrote:
Michael Thomas wrote:
Frank Ellermann wrote:
If "SSP strict" is bound to the "first author" it's DOA. :-(
DOA. It might be helpful to get a sense of proportion here as this
issue is so many angels on a pinhead in the real world.
The real world doesn't have multiple from addresses regardless of what
unearthed arcana somebody found in rfc2822.
+1
Let's design SSP for the real world.
-1
The Real World is full of Bad Guys. Currently, multiple From addresses are
rare, but if the Bad Guys discover that using multiple From addresses
suits their ends then they will suddenly become quite common.
I am worried about that 'visasecuriy' example. I don't think it exposed a
loophole as it stood, but I am very worried that something similar might
let the Bad Guys through. We need to be thinking about that.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html