On Wed, 6 Jul 2011, Barry Leiba wrote: > As Pete has pointed out -- and has he's adamant about -- the signer > can't attack... that is, DKIM can't do anything about "attacks" by the > signer.
Under the double-From: exploit Otis is so concerned about, one signer can (given favorable winds) trick an end-user into thinking his message was signed properly *by someone else*. So indeed, a signer can attack. Although I still don't agree with Otis' demands for extra language in the RFC. Really, his case would make sense if there was some squad of thugs ready to force every mail-admin to implement DKIM, but only to the strict letter of the final RFC. Then putting that in might make a difference -- but so would throwing in a whole bunch of other unrelated anti-abuse best practices. In real life, however, if you don't have the power to demand that a recipient mail admin block incoming double-From: messages, then you don't have the power to demand that they deploy DKIM at all. ---- Michael Deutschmann <mich...@talamasca.ocis.net> _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html