Additional lookups (was Re: [ietf-dkim] Re: 1368 straw-poll)

Scott Kitterman ietf-dkim at kitterman.com
Thu Mar 1 18:46:02 PST 2007


On Thursday 01 March 2007 21:00, Wietse Venema wrote:
> Hector Santos:
> > Wietse Venema wrote:
> > > If the verifier gives different treatments to different types of
> > > "other", then the bad guys will exploit the verifier's behavior.
> >
> > Applying equal treatment should be done across the board, the valid and
> > invalid, not just for the so-called "elite" messages.
> >
> > It is with the exceptions and relaxed provisions where exploitation will
> > take place, the FSUSP (FAILED SIGNATURE UNSIGNED STATUS PROMOTION) is
> > one of them.
>
> Perhaps I wasn't clear enough.
>
> When a DKIM verifier gives unequal treatment to any of the following:
>
> - no signature
> - broken signature
> - unsupported signature
> - other failure
>
> Then the bad guys will send their forged mail in the way that receives
> the most favorable treatment.

Absolutely +1.

Scott K
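
The point made in this thread, as an added example that is not part of the original messages or of any DKIM implementation: a verifier policy audit that flags any non-pass outcome handled differently from "no signature". The outcome labels, `SUPPORTED_ALGS`, the `crypto_ok` stand-in for the real signature check, and the sample headers and policies are all assumptions constructed for illustration.

```python
import re

# The four non-pass cases listed in the thread (labels are this example's own).
NON_PASS = ("none", "broken", "unsupported", "other")
SUPPORTED_ALGS = {"rsa-sha1", "rsa-sha256"}          # assumed verifier capability
REQUIRED_TAGS = {"v", "a", "b", "bh", "d", "h", "s"}  # tags DKIM marks as required

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict, removing folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def classify(sig_header, crypto_ok):
    """Return pass/none/broken/unsupported/other for one message.
    crypto_ok stands in for the body-hash and signature check, not done here."""
    if sig_header is None:
        return "none"
    tags = parse_tags(sig_header)
    if not REQUIRED_TAGS.issubset(tags):
        return "other"
    if tags["v"] != "1" or tags["a"] not in SUPPORTED_ALGS:
        return "unsupported"
    return "pass" if crypto_ok else "broken"

def audit_policy(policy):
    """List non-pass outcomes whose treatment differs from the 'none' baseline."""
    baseline = policy["none"]
    return sorted(o for o in NON_PASS if policy[o] != baseline)

def treatment(policy, sig_header, crypto_ok):
    """Treatment a message receives under the given policy."""
    return policy[classify(sig_header, crypto_ok)]

# Constructed sample headers and policies.
GOOD = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to; bh=AAAA; b=BBBB"
UNSUP = GOOD.replace("rsa-sha256", "rsa-sha512")
UNEVEN = {"pass": "accept", "none": "score+2", "broken": "reject",
          "unsupported": "score+0", "other": "score+2"}
EVEN = {"pass": "accept", **{o: "score+2" for o in NON_PASS}}

if __name__ == "__main__":
    print("uneven policy, outcomes differing from 'none':", audit_policy(UNEVEN))
    print("even policy, outcomes differing from 'none':", audit_policy(EVEN))
```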

