Earl Hood wrote:
On July 28, 2005 at 16:57, Jim Fenton wrote:
And to extend it further, the SSP should provide the ability to
list which domains are allowed to do third-party signing. Otherwise,
if it is boolean switch, turning on the switch open you up to
spoofing attacks.
If someone outside the domain is an authorized sender, how about
delegating a key (selector) to them so that they can apply a first-party
signature? This can either be done on an individual-selector basis, or
it's even possible to delegate a selector hierarchy
(*.outsource._domainkey.example.com) to them.
I'm not seeing how this prevents a malicious domain from spoofing
the OP identity if the OP has third-party signatures enabled?
If you can provide a more detailed example, I would appreciate it.
Note that this mainly a question of what the receiver does once it's
validated
a signature (eg, the RSA check succeeds). At that point, the receiver
can try
to see if the signature binds to an outside address -- like say the From
address.
If there isn't a intact signature bound to the From: address, the
receiver MUST
check the signing policy of the From: domain. If it is o=!, then it
should consider
the other potentially valid signatures as if they didn't exist.
Mike