Re: Attacking Domain Keys


On Tue, 30 Nov 2004, Meng Weng Wong wrote:

if SPF passes, auth passes.
if DK passes, auth passes.


SPF and DK two different technologies, one protects the session, another 
one the content - they are on different layers of of email security and 
not parallel to each other. Please don't mix it up in people's minds that 
they should provide security as either one or the other. Both should be 
used and both should pass and if one does not it just means it did not 
pass it does not mean you should now rely on the other one, nor does it 
mean that if one passes (i.e. session authentication) you are now free
not to do the content mail signatures check.

Email security should be done so that both technologies work and
not be done as conglomerate of half-broken systems!

DK may fail on mailing lists, but SPF will pass.


There are better mail signature technologies then DK that protects content 
and do not break on mail lists.

that's why teams have many players: if one misses the ball,
someone else still has a chance to save.


I'm beginning to get horrified by your continuing analogies to real world
which do not properly represent the situation, again you're only confusing
people. But since you started it, I'll just mention that teams are not made 
up of players where one player has no right hand and another one has no
left hand! 

Each one of the "players" must be fully capable on his own and if he misses
it just means "ball" did not go his way (i.e. no records published if you 
want an ananlogy back to email security), not that he actually missed 
because he did not have the right body parts to handle it.

that's the philosophy from Unified SPF. :)


That is not a philosophy of Unified SPF, please see the following message 
that you yourself made about what Unified SPF is:
 
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200406/0874.html

And also see the following (never published as IETF ID) draft:
 http://spf.pobox.com/unified/id/uspf-1-unified-00.txt

I can tell you right now that I'll continue to push the agenda on SPF 
(especially if I'm elected to the council) that this be considered
future UnifiedSPF and future agenda for SPF community.

---
William Leibzon, Elan Networks:
 mailto: william(_at_)elan(_dot_)net
Anti-Spam and Email Security Research Worksite:
 http://www.elan.net/~william/emailsecurity/

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Attacking Domain Keys, (continued) Re: Attacking Domain Keys, Roger Moser Re: Attacking Domain Keys, Theo Schlossnagle RE: Attacking Domain Keys, Seth Goodman we're not deaf (was: Attacking Domain Keys), Frank Ellermann RE: we're not deaf (was: Attacking Domain Keys), Seth Goodman Re: we're not deaf, Frank Ellermann RE: Attacking Domain Keys, Stuart D. Gathman Re: Attacking Domain Keys, wayne RE: Attacking Domain Keys, Seth Goodman Re: Attacking Domain Keys, Meng Weng Wong Re: Attacking Domain Keys, william(at)elan.net <= Re: Attacking Domain Keys, Greg Connor Re: Sendmail white paper, Michael Hammer Re: Sendmail white paper, Rand Wacker Re: Sendmail white paper, James Couzens Re: Sendmail white paper, wayne Re: Sendmail white paper, Frank Ellermann RE: Sendmail white paper, MW Mike Weiner (5028) Re: Sendmail white paper, Fridrik Skulason RE: Sendmail white paper, Stefan Engelbert