[ietf-dkim] DKIM Interoperability Event notes

Murray S. Kucherawy msk at sendmail.com
Thu Nov 8 16:04:30 PST 2007


On Thu, 8 Nov 2007, Hector Santos wrote:
> Attackers will be able to create a FAILED facsimile of a primary domain 
> DKIM complete message and as long as the primary has a t=y policy, the 
> attackers need not worry about HASH PERFECTION - it just randomly 
> creates a signature with a junk hash because the t=y will promote an 
> IGNORE FAILURE concept.

OK so in fact the complaint is "t=y is dangerous", not "a hacker could 
insert t=y into someone's policy" (which is what you originally said). 
There are other people here who can debate that as well as or better than 
I, so I'll yield.

In sticking to the Subject: of this thread, no, this was not discussed at 
the Interop event.  SSP was determined early on to be out-of-scope for our 
tests.  We were focusing only on RFC4871 itself.

It was felt, though, that SSP might be the subject of a future Interop 
event once the draft has become an RFC (or, perhaps, multiple proposals 
are available).

