ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] the more reliable signature fallacy

2008-01-23 14:17:53
from [John Levine] [Permanent Link] 
From my reading, I would assert that it is logical that the check
MUST be made if there is no valid signature on behalf of the from
address. To do otherwise invites abuse.


Why?  Nobody I know is saying that any signature gives a message a
free pass, but if it's signed by someone you have reason to trust,
why aren't you done?  Could you give us a step-by-step example of
the abuse you're anticipating?

Assume that the signature is from someone you've known and trusted for
20 years, and you've never heard of the From: domain before.

R's,
John


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: Seriously., Jon Callas
Next by Date:  Re: [ietf-dkim] Seriously., Hector Santos
Previous by Thread:  RE: [ietf-dkim] Seriously., MH Michael Hammer (5304)
Next by Thread:  RE: [ietf-dkim] the more reliable signature fallacy, MH Michael Hammer (5304)
Indexes:  [Date] [Thread] [Top] [All Lists]