On 2006-01-31 10:09, Dave Crocker wrote:

The non-DKIM-compliant MTA who hasn't deployed DKIM yet or doesn't know much
about it places a rule stating that signed messages should be allowed to
travel inbound without further checking because DKIM is new and safe.

Non-DKIM-compliant, but nonetheless makes a policy decision based on the presence -- and not even the validity -- of a signature?

That sort of receive-side behavior seems sufficiently misguided that I can't imagine a need to protect against it by our work.

If we have to list out every stupid thing that somebody might possibly do which they know doesn't comply with DKIM, we'll never finish.

And yet, listing every security issue with every technology that DKIM depends on (DNS, SMTP, TCP, etc) would take forever too. We might as well just write "the Internet is inherently insecure" and go home.

Are there truly no bounds on the threat analysis?

--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Communications Platform Team
_______________________________________________
ietf-dkim mailing list
http://dkim.org
