On Thu, 14 Oct 2010 17:30:42 +0100, Murray S. Kucherawy
<msk(_at_)cloudmark(_dot_)com> wrote:
> -----Original Message-----
> From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
> [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Charles
> Lindsey
> Sent: Thursday, October 14, 2010 7:32 AM
> To: DKIM
> Subject: Re: [ietf-dkim] detecting header mutations after signing
>
> > But if there is no valid DKIM signature, the verifier will proceed to do
> > ADSP checks, and will reject the message if it sees that ebay.com is
> > 'discardable'.
>
> ADSP is a completely separate discussion. We're talking about advancing
> DKIM here, not both of them.

ADSP is largely the cause of our troubles. But since we are not going to
change it (just yet), we have to make DKIM work as well as it can with the
current ADSP.
And the Bad Guys are perfectly well aware of what ADSP does and how it is
deployed by the Good Guys. And so if they find they can circumvent ADSP by
signing messages with their own throwaway domains, then they will do so.
And if we are not going to fix ADSP (yet), then the only way we can stop
that particular exploit is to fix DKIM.
Arguing that "ADSP is a completely separate discussion" will achieve
nothing.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html