Sounds like you agree with me. :)
It's an incomplete security analysis, and if you are going to touch base with
it regarding one attack method you need to talk about the others, like
I have shown here:
http://mipassoc.org/pipermail/ietf-dkim/2010q4/014802.html
This shows it's not only a matter of bad messages, but also bypassing
existing RFC 5322 checking.
Is this not important?
It clearly shows that DKIM needs to check its own DKIM requirements
and not rely on another layer.
Verification is not even mentioned in this new section.
Why not?
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com