On Thu, 16 Sep 2010 00:45:09 +0100, Hector Santos <hsantos(_at_)isdg(_dot_)net>
wrote:
Filename: draft-lindsey-dkim-mailinglists
Abstract:
It is proposed that a Mailing List Manager (MLM) may, under
certain circumstances, replace the From header field of a message
before forwarding it in order to prevent its being discarded by
over-zealous DKIM verifiers/receivers.
Real good Charles.
My nit would be it lacks a security section. I think you need to
provide a rational why this proposal ... whats the proper word here,
pick one
violates, ignores, skips, circumvents
the security framework policy attempts to provide for the author domain?
But I don't think it does. You don't do any of the things I am suggesting
unless you have already established there was a valid author doain
signature when it arrived, AND created an A-R to record the fact AND
re-signed.
Of course if you are a malicious MLM, you might have invented the whole
thing, but that is already possible.
There are already plenty of phishes coming from
ebay(_at_)ebay(_dot_)com(_dot_)cn, so one
coming from ebay%ebay(_dot_)com(_at_)mlm(_dot_)cn(_dot_)
So I don't see that I have created any security loophole that was not
already there.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html