ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

2011-05-04 14:11:39
from [Michael Thomas] [Permanent Link] 
On 05/04/2011 11:53 AM, Dave CROCKER wrote:

          Considerations Section 8.  To avoid this attack, signers should
          be extremely wary of using this tag, and verifiers might wish
          to ignore the tag.
     

To avoid this attack, signers need to be extremely wary of using this tag, and
verifiers might choose to ignore signatures containing it.


   


Verifiers must not ignore them, assessors on the other hand may.
But assessors cannot because the existence of l= is not part of
the DKIM output. This results in an inconsistency in the protocol.

Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity", Hector Santos
Next by Date:  Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity", Murray S. Kucherawy
Previous by Thread:  Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity", Murray S. Kucherawy
Next by Thread:  Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity", Murray S. Kucherawy
Indexes:  [Date] [Thread] [Top] [All Lists]