On Thu, 14 Oct 2010 17:30:42 +0100, Murray S. Kucherawy <m...@cloudmark.com> wrote:
>> -----Original Message-----
>> From: ietf-dkim-boun...@mipassoc.org
>> [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Charles Lindsey
>> Sent: Thursday, October 14, 2010 7:32 AM
>> To: DKIM
>> Subject: Re: [ietf-dkim] detecting header mutations after signing
>>
>> But if there is no valid DKIM signature, the verifier will proceed to do
>> ADSP checks, and will reject the message if it sees that ebay.com is
>> 'discardable'.
>
> ADSP is a completely separate discussion. We're talking about advancing
> DKIM here, not both of them.

ADSP is largely the cause of our troubles. But since we are not going to change it (just yet), we have to make DKIM work as well as it can with the current ADSP.

And the Bad Guys are perfectly well aware of what ADSP does and how it is deployed by the Good Guys. And so if they find they can circumvent ADSP by signing messages with their own throwaway domains, then they will do so.

And if we are not going to fix ADSP (yet), then the only way we can stop that particular exploit is to fix DKIM. Arguing that "ADSP is a completely separate discussion" will achieve nothing.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131   Web: http://www.cs.man.ac.uk/~chl
Email: ...@clerew.man.ac.uk   snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9   Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5