ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] draft-ietf-dkim-mailinglists-02 review

2010-09-10 18:49:53


"Steve Atkins" <steve(_at_)wordtothewise(_dot_)com> wrote:


On Sep 10, 2010, at 3:46 PM, Scott Kitterman wrote:

On Friday, September 10, 2010 06:37:46 pm Steve Atkins wrote:
On Sep 10, 2010, at 2:31 PM, Scott Kitterman wrote:


I don't think it inoculates them against ADSP problems - rather
it opens them up to violations of the security model that ADSP
would like to impose.

This is only true if John is wrong and mailing lists are a vector that we 
need 
to worry about.  


Doing what you suggest would avoid the problems of legitimate
email being discarded due to ADSP/mailing list interactions at
the cost of allowing phishers to send email "from" a sender
violating the ADSP security model simply by pretending to be
a mailing list.

I happen to generally agree with him on this.

Me too. But you're breaking the ADSP security model for all
email with your suggestion. Note that neither of the examples
I gave involved me sending a phishing email via a mailing
list.

I don't think it breaks it. It avoids it and I think that's fine.

Whatever limited value ADSP provides, it is only relevant to exact domain 
phishing.  What we are describing is a putative weakness that's already beyond 
it's design scope.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>