ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders

2008-02-14 08:39:42
from [Siegel, Ellen] [Permanent Link] 



-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of J D Falk

John Levine wrote:


Trying to forbid random other third party signatures is, as I expect
you'd agree, just silly.


And yet, treating any random third party signature as if it's just as
valid as a first party signature is, as I expect you'd agree, the kind
of security issue that would cause someone to stand up on a chair and
shout "DKIM will never be useful for anything, and you people all suck
toads!"

Yet another reason to leave 3rd party signatures (and toad-sucking)

out

of scope, I suppose.


Explicitly out of scope. Because not all 3rd party signatures on email
are "random", and there are a number of valid use cases that include
them. 

Ellen 


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] NEW ISSUE: SSP-02: Policy Scope, Charles Lindsey
Next by Date:  Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Wietse Venema
Previous by Thread:  Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected Third PartySenders, Hector Santos
Next by Thread:  Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Wietse Venema
Indexes:  [Date] [Thread] [Top] [All Lists]