[ietf-dkim] Not exactly not a threat analysis
Earl Hood
earl at earlhood.com
Wed Aug 17 11:13:23 PDT 2005
On August 17, 2005 at 08:26, Michael Thomas wrote:
> PS: as I said, take a look at l= and z= and their implications
> for mailing lists.
l= is a massive security problem. If you are relying on it, then
you are relying on a exploitable aspect of DKIM. How verifiers
deal with l= either needs to be revised or this tag needs to
be dropped.
As for z=, the draft states that z= data should not be part
of validation.
--ewh
More information about the ietf-dkim
mailing list