ietf-dkim

Re: [ietf-dkim] ADSP takes DNS down, film(_at_)11 (was: bot-net concern explained)

2008-06-27 11:03:43


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Frank Ellermann
Sent: Friday, June 27, 2008 4:00 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] ADSP takes DNS down,film(_at_)11 (was: bot-net concern
explained)


The relevant concern is whether a bad actor can influence
the PRA

Bad actors pick whatever PRA, 2822-From, HELO, or MAIL FROM
suits them.  It's the job of v=spf1, spf2.0/pra, or ADSP to
defeat that.


And spf2.0/pra fails to do that. The requirement to set PRA to the
sender field if a proper one exists bypasses the SPF record intentions
of the domain represented in the RFC2822 From field email address. It is
rather trivial to game PRA to get a neutral for any particular piece of
"bad" email. But what does this have to do with DKIM and ADSP other than
the suggestion at an earlier point in the process to use the sender
field?

 

Or an ADSP signature.  Bad actors do with their addresses
what they like, the idea of v=spf1, spf2.0/pra, or ADSP is
that they can't do this with FAIL-protected addresses (for
FAIL read "suspicious", "locked", "discardable", or the
term du jour used in ADSP).


Actually, with spf2.0/pra they can by avoiding the FAIL on the From by
getting NEUTRAL on the Sender.

I'm tired and I'm just going to avoid dealing with the rest of Frank's
post.

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
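
The Sender-over-From selection discussed in the message above, as an added example that is not part of the original post: a simplified RFC 4407 PRA selection plus a receiver-side check that flags mail whose PRA domain differs from the From domain. The function names and the example.* sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Header precedence for the PRA per RFC 4407, simplified: the rule about
# Received/Return-Path lines between Resent-From and Resent-Sender is omitted.
PRA_ORDER = ("Resent-Sender", "Resent-From", "Sender", "From")

def domain_of(addr):
    """Lower-cased domain part of an addr-spec."""
    return addr.rpartition("@")[2].lower()

def select_pra(msg):
    """Return (header name, address) chosen as PRA, or None if ill-formed."""
    for name in PRA_ORDER:
        values = [v for v in msg.get_all(name, []) if v.strip()]
        if not values:
            continue
        if name in ("Sender", "From") and len(values) > 1:
            return None                      # duplicate header: no PRA
        addrs = [a for _, a in getaddresses(values[:1]) if a]
        return (name, addrs[0]) if len(addrs) == 1 else None
    return None

def check_identities(raw):
    """Report which domain a PRA check evaluates versus the From domain."""
    msg = message_from_string(raw)
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    from_domain = domain_of(from_addrs[0]) if from_addrs else None
    chosen = select_pra(msg)
    pra_header, pra_domain = (chosen[0], domain_of(chosen[1])) if chosen else (None, None)
    return {"from_domain": from_domain, "pra_header": pra_header,
            "pra_domain": pra_domain,
            "mismatch": pra_domain is not None and pra_domain != from_domain}

# Constructed sample messages (example.* domains are placeholders).
FROM_ONLY = "From: Alerts <alerts@bank.example>\nSubject: notice\n\nbody\n"
WITH_SENDER = "Sender: bulk@other.example\n" + FROM_ONLY

if __name__ == "__main__":
    for label, raw in (("From only", FROM_ONLY), ("Sender added", WITH_SENDER)):
        print(label, check_identities(raw))
```

A receiver that logs the `mismatch` flag can see when the SPF policy of the From domain was never the one consulted by a PRA check.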