On 10/14/2010 10:15 AM, John R. Levine wrote:
>> If you really think this is such a great big problem, maybe you should be
>> banging the drums at MAAWG or other venues where the correct set of ears
>> is potentially listening.
>
> I would rather not have to run a session at MAAWG entitled "How to fix the
> security holes in DKIM", but I certainly could.
>
> Am I really the only person who wants to be able to whitelist mail signed
> with known good signatures, drop it into user inboxes and expect
> reasonable results with existing MUAs?

I would hope so because this would be a really stupid thing to do.
Without the next line of defense -- virus, malware, spam, phishing --
you'd be setting your users up for big problems. Just because it's
DKIM signed from a good source doesn't mean it's not still evil.

That's why all of this hand wringing is silly.

Mike
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

Reply via email to