-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of Douglas Otis
Sent: Tuesday, April 27, 2010 12:18 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures
While messages with intact DKIM signatures of financial institutions
offer reasonable protection, acceptance of broken signatures validated
by some third-party's authentication-results header would impose
significant risk. Any mailing list that does remove
authentication-results headers would provide easy exploits of X.
True, if you ignore the main point that got this started: Z trusts Y to do
authentication properly and make correct assertions via Authentication-Results.
The "trust" here has been established out-of-band. In essence, then, Z treats
what Y is saying as always true because of some audit that was done on the work
done at Y.
I didn't suggest this should be generally true.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
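The trust relationship discussed above (Z honouring Authentication-Results only when they carry the authserv-id of a verifier Y it has agreed to trust out of band, and ignoring any such header added by a list or other third party) is what RFC 5451 prescribes for consumers of that header. The following is an added example, not code from the list or from either poster, showing that filter in Python: it parses the header, keeps results only from trusted authserv-ids, and shows a forged "dkim=pass" from an untrusted hop being discarded. The authserv-ids (mail.y.example, mail.z.example, list.example) and both sample messages are constructed for the example.

```python
"""
Trust filtering for Authentication-Results headers (added example).

A receiver (Z) may rely on an Authentication-Results header only when its
authserv-id names a verifier Z trusts (Y, trust agreed out of band).  Any
other such header could have been injected upstream, so it is ignored.
All identifiers and messages below are constructed for the example.
"""
import email

# Constructed: authserv-ids Z has agreed to trust (its own and Y's).
TRUSTED_AUTHSERV_IDS = {"mail.z.example", "mail.y.example"}


def parse_authentication_results(value):
    """Parse one Authentication-Results value into (authserv_id, [(method, result)]).

    Follows the RFC 5451 shape loosely: the first ';'-separated element is
    'authserv-id [version]', later elements are 'method=result [props ...]'.
    Trailing CFWS comments and properties are skipped; quoted strings
    containing ';' are not handled (none appear in the samples).
    """
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return None, []
    authserv_id = parts[0].split()[0].lower()
    results = []
    for part in parts[1:]:
        method_result = part.split()[0]          # e.g. "dkim=pass"
        if "=" not in method_result:
            continue
        method, result = method_result.split("=", 1)
        results.append((method.lower(), result.lower()))
    return authserv_id, results


def trusted_results(raw_message, trusted_ids=TRUSTED_AUTHSERV_IDS):
    """Return the (method, result) pairs from A-R headers Z may rely on.

    Headers whose authserv-id is not in trusted_ids are dropped entirely:
    a mailing list or an attacker in the path can put anything there.
    """
    msg = email.message_from_string(raw_message)
    accepted = []
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_authentication_results(value)
        if authserv_id in trusted_ids:
            accepted.extend(results)
    return accepted


def dkim_passed_per_trusted_verifier(raw_message, trusted_ids=TRUSTED_AUTHSERV_IDS):
    """True only if a trusted verifier asserted dkim=pass."""
    return ("dkim", "pass") in trusted_results(raw_message, trusted_ids)


# Constructed sample 1: Y verified the signature before the message reached Z.
LEGIT_MESSAGE = """\
Authentication-Results: mail.y.example; dkim=pass header.d=bank.example
DKIM-Signature: v=1; a=rsa-sha256; d=bank.example; s=sel; h=from:subject; bh=...; b=...
From: alerts@bank.example
Subject: Statement available

body
"""

# Constructed sample 2: a third party (list.example) prepended an A-R header
# claiming dkim=pass for a signature Y actually found broken.  Its
# authserv-id is untrusted, so only Y's dkim=fail survives the filter.
FORGED_MESSAGE = """\
Authentication-Results: list.example; dkim=pass header.d=bank.example
Authentication-Results: mail.y.example; dkim=fail (body hash mismatch) header.d=bank.example
DKIM-Signature: v=1; a=rsa-sha256; d=bank.example; s=sel; h=from:subject; bh=...; b=...
From: alerts@bank.example
Subject: Statement available

body
"""

if __name__ == "__main__":
    print("legit :", trusted_results(LEGIT_MESSAGE), dkim_passed_per_trusted_verifier(LEGIT_MESSAGE))
    print("forged:", trusted_results(FORGED_MESSAGE), dkim_passed_per_trusted_verifier(FORGED_MESSAGE))
```

In a real deployment the same trust set is what drives removal of untrusted Authentication-Results headers at the border MTA, so downstream filters never see the forged one at all; the filter above shows the decision rule, not that stripping step.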