[ietf-dkim] (offtopicish) RFC 4871 Word Cloud
Doug Otis
doug.mtview at gmail.com
Sun Apr 19 00:52:26 PDT 2009
On Apr 18, 2009, at 2:46 PM, Steve Atkins wrote:
>
> On Apr 18, 2009, at 2:29 PM, Hector Santos wrote:
>>
>> What bothers me though is that much of what's going on is being done
>> by 14-18 year olds who IMO lack experience in social engineering
>> and ethical design considerations. To them the idea of COOKIES and
>> JAVASCRIPT being disabled is unthinkable.
>
> The lesson here is that irrational paranoia can damage useful http
> standards.

After untold users had systems compromised by zero-day browser script
exploits, and a vendor recently taking weeks to issue repairs for
several versions of their OS, why would anyone describe browser-related
security concerns as irrational? Once compromised, systems
appear to typically remain so, based on observed email behaviors.

The adopted Authentication-Results header, while okay for DKIM,
intentionally excludes a means to inhibit annotations based upon CGNs
authorizations, for example. Security should not become secondary to
unsupported statements or unsupportable schemes aimed at retaining an
illusion of security. In the face of polymorphic threats, greater
reliance on source authentications is required, where possibly
vulnerable browsers are often used to read email.

-Doug