[ietf-dkim] New DKIM threat analysis draft
johnl at iecc.com
Sat Oct 1 23:20:31 PDT 2005
I finally read it, and I like it, too.
My only suggestion is to add something in section 6 about attacks on
the key distribution system, intended to make it impossible for
recipients to tell whether a signature is valid or not. I'm thinking
of stuff like DDOS of the DNS servers that distribute the keys and the
usual litany of attacks on DNS.
More information about the ietf-dkim