[ietf-dkim] Re: the more reliable signature fallacy
Wietse Venema
wietse at porcupine.org
Thu Jan 24 06:18:23 PST 2008
Frank Ellermann:
> John L wrote:
>
> >> This is the exact problem for PRA in the SIDF implementation.
>
> > Quite right. What would be the point in inventing yet another
> > authentication scheme that fails in all the same places that
> > SIDF and SPF do?
>
> SPF has no problem with non-standard mailing list behaviour, it
> doesn't look at (2)822 header fields From / Sender / Resent-*.
If you replace (Client IP Address) by (Valid DKIM Signature) then
the similarity between SPF and SSP can be quite striking.
Extreme application of SPF results in the rejection of mail that
does not come from the "right" Client IP Address.
Extreme application of SSP results in the rejection of mail that
does not come with the "right" Valid DKIM Signature.
It's really the same thing, at different layer in the OSI stack.
Or is it?
If all SSP were doing was to re-invent SPF at a different OSI
layer, then no progress would be made; we would only squander the
opportunity for better accountability that DKIM makes possible.
Wietse
More information about the ietf-dkim
mailing list