ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] ISSUE: 4871bis-02 - Section 8.14 comments

2010-10-12 20:08:30
from [Hector Santos] [Permanent Link] 
Sounds like you agree with me. :)

Its incomplete security analysis and if you going to touch base with 
it regarding one attack method you need to take about the others, like 
I shown here:

   http://mipassoc.org/pipermail/ietf-dkim/2010q4/014802.html

This shows its not only a matter of bad messages, but also bypassing 
existing RFC 5322 checking.

Is this not important?

It clearly shows that DKIM needs to check its own DKIM requirements 
and not rely on other layer.

Verification is not even mentioned in this new section.

Why not?


-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] ISSUE: 4871bis-02 - Section 8.14 comments, Jim Fenton
Next by Date:  Re: [ietf-dkim] ISSUE: 4871bis-02 - Section 8.14 comments, Murray S. Kucherawy
Previous by Thread:  Re: [ietf-dkim] ISSUE: 4871bis-02 - Section 8.14 comments, Jim Fenton
Next by Thread:  Re: [ietf-dkim] ISSUE: 4871bis-02 - Section 8.14 comments, Murray S. Kucherawy
Indexes:  [Date] [Thread] [Top] [All Lists]