On 10/14/2010 10:15 AM, John R. Levine wrote:
>> If you really think this is such a great big problem, maybe you should be
>> banging the drums at MAAWG or other venues where the correct set of ears
>> is potentially listening.
>
> I would rather not have to run a session at MAAWG entitled "How to fix the
> security holes in DKIM", but I certainly could.
>
> Am I really the only person who wants to be able to whitelist mail signed
> with known good signatures, drop it into user inboxes and expect
> reasonable results with existing MUAs?

I would hope so because this would be a really stupid thing to do.
Without the next line of defense -- virus, malware, spam, phishing --
you'd be setting your users up for big problems. Just because it's
DKIM signed from a good source doesn't mean it's not still evil.
That's why all of this hand wringing is silly.

Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html