On 7/10/2011 7:51 PM, Murray S. Kucherawy wrote:
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
On Behalf Of Scott Kitterman
Sent: Sunday, July 10, 2011 6:46 PM
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Doublefrom language
@mipassoc.org
Subject: Re: [ietf-dkim] Doublefrom language should be in ADSP, not core
I think we should make it clear that singleton header fields like From (and
Subject and Date) can be added without breaking signatures unless one is
careful as a signer and/or a verifier. This is related to a core
Michael Deutschmann wrote:
One additional thought on the whole double-From: argument -- if RFC
language on the issue is justified at all, it really belongs in the
ADSP RFC, not a core DKIM one.
A double-From: doesn't even rise to the level of theoretical threat
except when dealing with ADSP
On Sun, 10 Jul 2011, Hector Santos wrote:
Now of course, if ADSP was a standard and whitehouse.com had an
exclusive signing policy, receivers would of rejected the junk
distributed by Dave's list server as an ADSP violation. But ADSP is a
pipe dream.
The attack only matters if the user
-1
---
Sent from my mobile phone
On Jul 10, 2011, at 3:58 AM, Michael Deutschmann mich...@talamasca.ocis.net
wrote:
On Sun, 10 Jul 2011, Hector Santos wrote:
Now of course, if ADSP was a standard and whitehouse.com had an
exclusive signing policy, receivers would of rejected the junk
Well, you have a point:
DKIM has failed to address legacy spoofing problems.
The hope was this would be one of the highest and immediate benefits
when an domain raised the bar by what was expected in his mail and
supportive receivers saw deviations from the domain's published policy
On Sun, 10 Jul 2011, Hector Santos wrote:
Well, you have a point:
DKIM has failed to address legacy spoofing problems.
That's not quite the point I intended to make.
I consider it faintly possible that a situation could arise where a lazy
validation module embedded in an MTA always
On Saturday, July 09, 2011 07:19:17 PM Michael Deutschmann wrote:
One additional thought on the whole double-From: argument -- if RFC
language on the issue is justified at all, it really belongs in the
ADSP RFC, not a core DKIM one.
A double-From: doesn't even rise to the level of
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
On Behalf Of Michael Deutschmann
Sent: Sunday, July 10, 2011 12:53 AM
To: DKIM List
Subject: Re: [ietf-dkim] Doublefrom language should be in ADSP, not core
The attack only matters
-Original Message-
From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org]
On Behalf Of Scott Kitterman
Sent: Sunday, July 10, 2011 6:46 PM
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] Doublefrom language should be in ADSP, not core
I think we should
One additional thought on the whole double-From: argument -- if RFC
language on the issue is justified at all, it really belongs in the
ADSP RFC, not a core DKIM one.
A double-From: doesn't even rise to the level of theoretical threat
except when dealing with ADSP (or a successor).
If we, for
11 matches
Mail list logo