There are much easier ways to do a dos attack.
/d
--
Dave Crocker
bbiw.net
------- Original Message -------
From: Eliot Lear <lear(_at_)cisco(_dot_)com>
To: Murray Kucherawy <msk(_at_)cloudmark(_dot_)com>
Sent: 02-Jun-09, 10:59:30 AM
Subject: Re: [ietf-dkim] RFC4871bis - whether to drop -- k: Key type
On 6/2/09 7:41 PM, Murray Kucherawy wrote:
So if a=rsa-sha256, then the key I get from issuing a query based on
s= and d= will be an RSA key, or it will fail to verify. What k= offers is
somewhat redundant except for the fact that I can avoid the crypto overhead
if I can detect early on that it won't work anyway.
That's an important point, in the case of a DOS attack. The next
question is whether anybody implements it as such?
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html