ietf-dkim
Re: [ietf-dkim] NO DKIM "POLICY"

2009-02-19 18:38:38
By design, a broken signature is equivalent to no signature.

Yeah, that RFC 4871 anomaly "Failure Promotion to no signature" always
did baffle me.

If either one were "better", attackers would just shift to the better
one.  It's simple enough to use no signature at all, if no signature
is better than a broken one.  Similarly, it's easy to fake a signature
if that way be better.

Making the cases equivalent means we don't have to try to deal with
convoluted heuristics that will only be attacked anyway.

But that's really a digression; please, let's not clutter the
discussion with that issue again.

Barry
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html