Charles Lindsey:
> > When the bad guy sends mail with (multiple) forged headers, the
> > best they can get is that naive mail programs render their forged
> > header with an indication that THE BAD GUY'S DKIM SIGNATURE VERIFIED.
> >
> > Sending forged headers with bad guy's DKIM signatures is not an
> > interesting attack on DKIM.
>
> On the contrary, it is an exceedingly interesting attack.

If you believe that sending mail with a valid bad guy signature is an
interesting attack on DKIM, then that implies that you're willing to
believe mail that is signed by arbitrary strangers. That is a problem
that DKIM is not designed to solve.

	Wietse
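
An added example, not part of the original thread: a receiver-side check that reports which domain signed a message and whether singleton headers are duplicated, instead of showing a bare "signature verified" mark. It assumes the cryptographic DKIM check was done elsewhere and is passed in as `signature_verified`; `assess`, `trusted_signers` and the sample message are hypothetical and constructed for illustration.

```python
from email import message_from_string

# RFC 5322 allows at most one of each; extra copies are the forged-header case.
SINGLETONS = ("From", "Subject", "To", "Date")

# Constructed sample: two From headers, signed by a domain the receiver does not know.
SAMPLE = (
    "From: Your Bank <service@bank.example>\n"
    "From: someone@badguy.example\n"
    "Subject: account notice\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=badguy.example; s=sel1;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "\n"
    "body\n"
)

def signer_domain(msg):
    """Return the d= tag of the first DKIM-Signature header, or None."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    for tag in str(sig).split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "d":
            return value.strip().lower()
    return None

def assess(raw, signature_verified, trusted_signers):
    """Decide what a mail program may tell the user about this message.

    signature_verified: result of a real DKIM verification (assumed, not done here).
    trusted_signers: domains the receiver has its own reason to believe.
    """
    msg = message_from_string(raw)
    dupes = [h for h in SINGLETONS if len(msg.get_all(h, [])) > 1]
    domain = signer_domain(msg) if signature_verified else None
    # A valid signature only identifies the signer; trust comes from who that is.
    trusted = domain is not None and domain in trusted_signers and not dupes
    return {"duplicate_headers": dupes, "signer": domain, "trust_content": trusted}

if __name__ == "__main__":
    print(assess(SAMPLE, True, {"bank.example"}))
```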