ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] who's using l=

2009-06-01 13:14:36
Barry Leiba wrote:
I think this is an important question for us to answer as we decide
what to do with it in 4871bis work, and I'd like to see some answers
either way (including "We don't sign with it.")  I'd especially like
to hear what verifiers do if it's present and it doesn't cover the
whole message: what do you do with the part of the message past the
specified length?

So, please, don't be silent on this thread.  But also, please only
talk about what implementations *are doing*, not what they might
hypothetically do.  Thanks.
  
For about the 100th time...

At Cisco, our implementation was built to be able to detect "spear phishing"
attacks. That is, mail that is forged that purports to come from 
internal sources
with the object of tricking people into giving proprietary information.

To accomplish this, we mandated that all mail from Cisco would be
signed, and that we'd annotate any mail incoming to Cisco whose message
did not verify ("Danger Will Robinson!").

Mailing lists in particular would generate lots of false positives and 
pretty
much make the whole scheme useless. However, with the use of l= and
other methods our mailing list verify rate was >90% which was acceptable.

We justified and built the entire DKIM effort at Cisco based on this use.
If you remove l= and other options, you will destroy this use of DKIM. I'll
add that this is a *direct* tangible benefit of DKIM that you'll be 
destroying.


       Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>