On 10/14/2010 10:15 AM, John R. Levine wrote: >> If you really think this is such a great big problem, maybe you should be >> banging the drums at MAAWG or other venues where the correct set of ears >> is potentially listening. > > I would rather not have to run a session at MAAWG entitled "How to fix the > security holes in DKIM", but I certainly could. > > Am I really the only person who wants to be able to whitelist mail signed > with known good signatures, drop it into user inboxes and expect > reasonable results with existing MUAs?
I would hope so because this would be a really stupid thing to do. Without the next line of defense -- virus, malware, spam, phishing -- you'd be setting your users up for big problems. Just because it's DKIM signed from a good source doesn't mean it's not still evil. That's why all of this hand wringing is silly. Mike _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html