ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders

2008-02-14 12:46:16
from [Michael Thomas] [Permanent Link] 
Wietse Venema wrote:

John Levine wrote:

Trying to forbid random other third party signatures is, as I expect
you'd agree, just silly.


J D Falk:

And yet, treating any random third party signature as if it's just as
valid as a first party signature is, as I expect you'd agree, the kind
of security issue that would cause someone to stand up on a chair and
shout "DKIM will never be useful for anything, and you people all suck
toads!"

Yet another reason to leave 3rd party signatures (and toad-sucking) out
of scope, I suppose.


Siegel, Ellen:

Explicitly out of scope. Because not all 3rd party signatures on email
are "random", and there are a number of valid use cases that include
them. 

+1. This horse is dead and stays dead.


I like a quote that I think I once heard attributed to Usenet:

"a stain in the middle of the road where once laid a dead horse"

                Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] NEW ISSUE: SSP-02: Policy Scope, Douglas Otis
Next by Date:  Re: [ietf-dkim] NEW ISSUE: SSP-02: Policy Scope, Douglas Otis
Previous by Thread:  Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Wietse Venema
Next by Thread:  Re: [ietf-dkim] NEW ISSUE: Security Threat: Unexpected ThirdPartySenders, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]