[ietf-dkim] SSP vs. reputation

Hector Santos hsantos at santronics.com
Fri Jan 25 09:54:32 PST 2008


 > Frank Ellermann wrote:

 >> That you (as domain owner) can suddenly try to decree that I
 >> cannot resend your old unsigned mail to Eric is preposterous
 >> and a design issue in SSP.

 > But why would you be resending my original DKIM-signatures in
 > your 2822 headers?

Oh I see, you are "redirecting" the original mail to someone else as if 
it was "new."

You are not using the FORWARDING features of the MUA.

Well, I think I would prefer the protection here because even though you 
are a GOOD GUY, if we allow this loophole, the bad guy will exploit it.

The end result is that if you see my messages are "special", then you 
know that you can't "resend" it as "me."

Your MUA should tell ya

      "Sorry, you can't do this. This message is Special."

We can't have it both ways.  The same way of doing things and expect to 
get the security we are seeking.

Something has to give and this one is perfectly acceptable to me because 
it helps secure my domains as I intended it to be secured with a 
DKIM=STRICT.

-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


