mail-vet-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd)

2008-01-31 16:10:17
from [Murray S. Kucherawy] [Permanent Link] 
Paul Hoffman wrote:

That's not how I read the discussion on SecDir. In specific:

At 9:09 AM -0500 1/29/08, Barry Leiba wrote:
[...] It seems likely that if this header should become popular, malware would be changed to take advantage of that, and to use compromised machines to spoof sender-auth headers within their own domains... so this is a real threat that needs to be addressed. And it seems to me that (1) is the right way to do it. So there should be something in the security considerations describing this 
problem, and suggesting (1) as a way to deal with it.


That's more than a "security consideration".
The author of the review concurred with Barry's points, including that last sentence, which seems to me to limit it all to a security consideration. 
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd), SM
Next by Date:  Re: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd), Murray S. Kucherawy
Previous by Thread:  Re: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd), Murray S. Kucherawy
Next by Thread:  Re: [mail-vet-discuss] secdir review ofdraft-kucherawy-sender-auth-header-11.txt (fwd), Dave Crocker
Indexes:  [Date] [Thread] [Top] [All Lists]