ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] ISSUE 1525 -- Clarification about posting by first Author

2008-01-18 09:48:23
Indeed.  Does this mean you agree that SSP only applies to unsigned 
messages?  (Actual non-rhetorical question.)

I would agree here, except for one consideration. It makes it possible
to trivially bypass someone's policy by inserting a completely bogus
signature in all messages claiming to be from them. If anyone has a good
suggestion for how to tell the difference between a signature broken in
transit and one just made up ...

As far as DKIM is concerned, there is no difference between a broken
signature and no signature.  A message that arrives with a bogus
signature is unsigned.

R's,
John


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>