[ietf-dkim] Re: New Issue: 4.2 needs new Attack Item: Inconsistent Signature vs Policy Attacks
nobody at xyzzy.claranet.de
Mon Jan 30 13:07:09 PST 2006
Tony Hansen wrote:
> 1) always look for the SSP, as Hector suggests;
> 2) add information to the DKIM DNS record to indicate that
> the SSP should always be looked for;
> 3) incorporate the SSP information into the DKIM DNS record;
> or 4) some other ways I'm not thinking of at the moment.
Doug proposed to copy the SSP into the signature as a shortcut
for any "check SSP only for valid signatures" strategy, if I
understood his proposal correctly. Apparently that has the
same effect as your point (3), and if possible (3) is better.
> Of the first three, I'd lean towards #2.
How does that help receivers wishing to reject unsigned mails
with a STRONG or EXCLUSIVE SSP? Where "unsigned" includes