[ietf-dkim] A few SSP axioms
johnl at iecc.com
Tue Aug 1 07:00:04 PDT 2006
>As I read the latter case, the only signature present (C's) is not one that is
>included in A's SSP. In this case we have a message with a signature that is
>outside the scope of what A has said is authorized (or not included in A's
>authoritative list). If A is a high profile phishing target and signs all of
>its mail, then it would be useful (I think) for receivers to recognize that
>the message has been signed by someone other than who A said it would.

Why do you want to prevent people from forwarding genuine, unmodified
messages? That's a feature, not a bug.

If ebay sends a message with a valid ebay signature, how can any chain
of forwarding and added signatures change the fact that it's a real
ebay message? Let's assume that ebay has enough sense to sign its
MIME headers and not to use l=, so the message that's delivered is the
same one that was sent.
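
Added example, not part of the original message: a receiver-side check for the two conditions named above, signed MIME headers and no l= tag. It assumes "simple" body canonicalization and does not verify the b= signature itself; the sample bodies, the domain `example.com`, the selector `sel` and all function names are constructed for illustration.

```python
import base64
import hashlib

MIME_HEADERS = {"mime-version", "content-type", "content-transfer-encoding"}

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into tag -> value (whitespace removed)."""
    pairs = (p.split("=", 1) for p in sig_value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def canon_simple(body):
    """'simple' body canonicalization: trailing empty lines collapse to one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def body_hash(body, length=None):
    """bh= value: SHA-256 over the canonical body, cut to l= octets if given."""
    return base64.b64encode(hashlib.sha256(canon_simple(body)[:length]).digest()).decode()

def audit(sig_value, delivered_body):
    """List reasons the delivered message could differ from the one signed."""
    tags, findings = parse_tags(sig_value), []
    signed = {h.lower() for h in tags.get("h", "").split(":")}
    missing = sorted(MIME_HEADERS - signed)
    if missing:
        findings.append("unsigned MIME headers: " + ", ".join(missing))
    length = int(tags["l"]) if "l" in tags else None
    if body_hash(delivered_body, length) != tags.get("bh"):
        findings.append("body hash mismatch")
    elif length is not None and length < len(canon_simple(delivered_body)):
        findings.append("l= covers only part of the body")
    return findings

# Constructed sample data, not taken from the thread; b= is a placeholder.
SENT = b"Your item has shipped.\r\n"
EXTENDED = SENT + b"Text appended after signing.\r\n"

def make_sig(headers, body, use_l=False):
    length = len(canon_simple(body)) if use_l else None
    l_tag = f" l={length};" if use_l else ""
    return f"v=1; a=rsa-sha256; d=example.com; s=sel; h={headers};{l_tag} bh={body_hash(body, length)}; b=PLACEHOLDER"

STRICT = make_sig("from:subject:mime-version:content-type:content-transfer-encoding", SENT)
LOOSE = make_sig("from:subject", SENT, use_l=True)

print(audit(STRICT, EXTENDED), audit(LOOSE, EXTENDED))
```

With the strict signature the extended body fails the body hash; with l= the hash still matches, and only the audit finding shows that the delivered body is longer than what was signed.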