On Fri, 08 Jul 2011 13:05:49 +0100, McDowell, Brett
<bmcdowell(_at_)paypal-inc(_dot_)com> wrote:
> John, this particular part of the discussion is not about changing the
> RFC or DKIM implementations, only changing deployment configuration
> practices.

Exactly so. All I am trying to do is to ensure that those who engage in
deployment should be warned of these particular dangers, but everyone is
trying to shout me down.
I have posted a wording (and even a revision of same). Do you agree with
or oppose that wording? Please say.

> to make to avoid the horrors of a duplicate From: attack that is and
> likely will always be entirely hypothetical,

I think it is clear that these attacks will work if deployers fail to
watch out for them. The only question is how long it will take the Bad
Guys to spot the opportunities (and for sure they WILL spot them - sooner
probably than later).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html