On 10/11/2010 3:05 PM, Wietse Venema wrote:
If you believe that sending mail with a valid bad guy signature is
an interesting attack on DKIM, then that implies that you're willing
to believe mail that is signed by arbitrary strangers.
Well...
But it's not an attack on DKIM.
It's not really an 'attack' on anything, but the most one could claim is that
it's an attack on the recipient's reputation data base, or failure to use one.
The DKIM part is used correctly and works fine. So there's no 'attack'.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html