Victor Duchovni wrote:
On Sun, Dec 14, 2008 at 01:17:23AM -0800, Murray S. Kucherawy wrote:
- attacker manages to get some malicious content of some kind signed
under "example.com"
...
<politically incorrect frank view>
While of course one might disagree with your comments, I think that they very
much are not politically correct or incorrect. I'm commenting on your qualifier
because I think that some folks are having trouble even understanding the nature
of disagreements or misunderstanding about the role of DKIM for trust, rather
than mistrust, and want to caution all of us against thinking that this is a
religious or delicate matter. Rather it is a matter of distinguishing between
the heuristic world of abuse (attackers and deception) from the deterministic
world of trust.
This is PKI disease. DKIM is not S/MIME. If forgery is a serious threat,
don't rely on DKIM. DKIM enables scalable assignment of positive
reputation to domains. Damn all the "DKIM solves phishing" marketing,
I think it is very counter-productive!
</politically incorrect frank view>
+10.
(and yes, the decimal point is in the correct position.)
In other words, I think this is a massively important issue and Victor has
captured it perfectly.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html