[ietf-dkim] user level ssp
mike at mtcc.com
Thu Sep 7 08:30:21 PDT 2006
Wietse Venema wrote:
>Could someone please explain the nature of the problem that would
>exist when these (financial) institutions can't selectively add
>DKIM signatures to outbound email? Engineering is about balance,
>but I haven't heard enough to make the trade off yet.
See my note to John.
>With per-user records in the DNS, should we not be worried about
>brute-force attacks to guess email addresses?
Maybe. A better way to express this would be to phrase it as a requirement
and/or constraint on any solution that have this be a feature.
>I'm also worried about the implied requirement that a DKIM verifier
>would have to do SSP lookups even when a valid first-hand DKIM
I've actually implemented this feature from ssp-00 and it does not require
a SSP lookup if there's a valid first party signature. It's no different
the normal operation.
More information about the ietf-dkim