ietf-mailsig

Re: The cost of choices

2005-07-27 17:42:18

Yes, this is correct and is the mechanism preventing an attacker from spoofing your domain in the From header and signing with his own key, thereby possibly making the recipient assume you sent a signed message.

--
Arvel


----- Original Message -----
From: "James Scott" <james(_dot_)scott(_at_)liverton(_dot_)com>
To: "'Dave Crocker'" <dcrocker(_at_)bbiw(_dot_)net>; <arvel(_at_)altn(_dot_)com>; <ietf-mailsig(_at_)imc(_dot_)org>
Sent: Wednesday, July 27, 2005 7:10 PM
Subject: RE: The cost of choices



Dave Crocker wrote:

that is, if i delegate arvel.bbiw.net to you, either it
validates under bbiw.net or it doesn't.  it requires no
"policy" publication for others to query.


My understanding of the process from the drafts is that if a message from an
"alleged sender" in domain arvel.bbiw.net was received containing a valid
DKIM signature applied by a third party, then the signing policy of the
"alleged sender" needs to be checked to determine whether that sender
permits such third party signatures.
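
Added example, not part of the original thread or of any draft: a sketch of the decision discussed above, where a valid signature from a domain other than the From domain sends the verifier to the alleged sender's policy. The POLICY table (standing in for a DNS policy query), the result labels, the sample messages, and the rule that a signing domain equal to or a parent of the From domain counts as first-party are all assumptions; cryptographic verification is assumed to have happened already and is passed in as signature_valid.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for a signing-policy lookup (assumption):
# From domain -> does it permit third-party signatures?
POLICY = {"arvel.bbiw.net": False, "example.org": True}

def tag_list(value):
    """Parse a 'tag=value; tag=value' signature header into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def is_same_or_subdomain(domain, parent):
    """True if domain == parent or sits below it (label-aligned match)."""
    domain, parent = domain.lower().rstrip("."), parent.lower().rstrip(".")
    return domain == parent or domain.endswith("." + parent)

def classify(raw_message, signature_valid, policy=POLICY):
    """Decide how to treat a message given its From and signing domains."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    signing_domain = tag_list(msg["DKIM-Signature"] or "").get("d", "").lower()
    if not signature_valid or not signing_domain or not from_domain:
        return "unsigned-or-invalid"
    if is_same_or_subdomain(from_domain, signing_domain):
        return "first-party"  # no policy query needed
    # Valid signature, but by someone else: ask the alleged sender's policy.
    permitted = policy.get(from_domain)
    if permitted is None:
        return "third-party-no-policy"
    return "third-party-permitted" if permitted else "third-party-rejected"

def sample(from_addr, d):
    """Build a constructed test message with a folded signature header."""
    return (f"From: {from_addr}\n"
            f"DKIM-Signature: a=rsa-sha1; d={d};\n s=sel; b=constructed\n"
            "Subject: test\n\nbody\n")

if __name__ == "__main__":
    for frm, d in [("Arvel <arvel@arvel.bbiw.net>", "bbiw.net"),
                   ("arvel@arvel.bbiw.net", "evilbbiw.net"),
                   ("list-user@example.org", "lists.example.net")]:
        print(frm, d, classify(sample(frm, d), True))
```

The second sample shows why the domain comparison must be label-aligned: a plain suffix match would accept evilbbiw.net as bbiw.net.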


