[ietf-dkim] DKIM SSP: Security vulnerability when SSP record
does not exist?
Scott Kitterman
ietf-dkim at kitterman.com
Wed Aug 24 07:00:00 PDT 2005
...... Original Message .......
On Tue, 23 Aug 2005 22:23:15 -0700 Douglas Otis <dotis at mail-abuse.org>
wrote:
...
It seems to me that your proposed approach is anything but simple. It
would appear to me that you want to trade the direct, obvious, near-term
benifits of a defined deterministic Sender Signing Policy (I'm not saying
the current draft is perfect) for an uncertain, undesigned, and
undocumented automated abuse reporting infrastructure.
You get to call this 'simple' from a DKIM perspective only by declaring all
this complexity external to DKIM.
Scott Kitterman
More information about the ietf-dkim
mailing list