ietf-dkim

Re: [ietf-dkim] Possible exploit of DKIM

2008-11-02 13:18:40
Thiyaga:
Hi Wietse,

Thanks a lot for your comments!

This looks like a standard replay attack.  Such a technique can't be
used to send SPAM on behalf of domains that don't sign SPAM (e.g.,
porcupine.org).  If a domain is willing to sign SPAM, then they
deserve that all their messages are handled with great prejudice.


Yes, I agree. It can't be used to send SPAM on behalf of domains that
don't sign SPAM.

But if it signs SPAM unknowingly (which may happen in large ISPs --

If a domain is willing to sign SPAM, then they deserve that all
their messages are handled with great prejudice.

DKIM provides domain-level signatures. It is not a replacement for
user-level authentication systems such as S/MIME or PGP.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html