ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00(fwd)

2010-06-23 08:15:25
Since Amazon set it up in the first place, wouldn't they be keenly aware of the 
service signing issues?

Mute point if they understand what they are doing. 


Regards,
Damon Sauer. 

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Douglas Otis <dotis(_at_)mail-abuse(_dot_)org>
Sender: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
Date: Tue, 22 Jun 2010 17:37:26 
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Subject: Re: [ietf-dkim] New Version Notification for draft-levine-dbr-00
 (fwd)

On 6/22/10 5:07 PM, John Levine wrote:
Not quite, it's a third party's assertions that are somewhat but not really
like ADSP

As far as I know Amazon doesn't make any ADSP assertions, but it is my
impression that they sign all their transactions with DK or DKIM, and
they're certainly a phish target, so it would be reasonable to drop
unsigned Amazon mail anyway.
   
What happens when Amazon has a service using a parent signature?  As a 
result of a third-party vouching service, their messages might be 
discarded, and they won't become aware of the issue until damage is wide 
spread.   TINLA, but it seems having a service advocating for the 
discard of someone elses's email could be a liability.  How does one 
determine whether a vouching service is authoritative for the domain in 
question?  Please don't say use another vouching service, because the 
issue is _who_ should decide whether a message must have a valid 
Author-Domain signature or be discarded.

-Doug





_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>