mail-vet-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd)

2008-01-29 17:27:52
from [J D Falk] [Permanent Link] 
It seems likely that if this header should become popular, malware
would be changed to take advantage of that, and to use compromised
machines to spoof sender-auth headers within their own domains... so
this is a real threat that needs to be addressed.  And it seems to me
that (1) is the right way to do it. So there should be something in

the

security considerations describing this problem, and suggesting (1)

as

a way to deal with it.


That's more than a "security consideration".


Have the same concerns been raised in other WGs for the possibility that
somebody might hack into an IMAP server and modify messages there?


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd), Paul Hoffman
Next by Date:  Re: [mail-vet-discuss] secdir review of draft-kucherawy-sender-auth-header-11.txt (fwd), SM
Previous by Thread:  Re: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd), Paul Hoffman
Next by Thread:  RE: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd), SM
Indexes:  [Date] [Thread] [Top] [All Lists]