ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders

2008-02-14 09:12:04
from [Wietse Venema] [Permanent Link] 
John Levine wrote:

Trying to forbid random other third party signatures is, as I expect
you'd agree, just silly.


J D Falk:

And yet, treating any random third party signature as if it's just as
valid as a first party signature is, as I expect you'd agree, the kind
of security issue that would cause someone to stand up on a chair and
shout "DKIM will never be useful for anything, and you people all suck
toads!"

Yet another reason to leave 3rd party signatures (and toad-sucking) out
of scope, I suppose.


Siegel, Ellen:

Explicitly out of scope. Because not all 3rd party signatures on email
are "random", and there are a number of valid use cases that include
them. 


+1. This horse is dead and stays dead.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Siegel, Ellen
Next by Date:  Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Hector Santos
Previous by Thread:  RE: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Siegel, Ellen
Next by Thread:  Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Michael Thomas
Indexes:  [Date] [Thread] [Top] [All Lists]