ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Final update to 4871bis for working group review

2011-07-07 09:28:10
On 7/6/2011 10:59 PM, Michael Deutschmann wrote:
Under the double-From: exploit Otis is so concerned about, one signer can
(given favorable winds) trick an end-user into thinking his message was
signed properly *by someone else*.  So indeed, a signer can attack.

A signer can attack a recipient.  A signer cannot attack DKIM's mechanisms.

I would also be interested in seeing an example of a case where adding an 
extra From: line changles the d= in a DKIM signature.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>