[ietf-dkim] list vs contributor signatures, was Wrong Discussion
Charles Lindsey
chl at clerew.man.ac.uk
Mon May 3 03:06:55 PDT 2010
On Fri, 30 Apr 2010 15:23:54 +0100, Michael Thomas <mike at mtcc.com> wrote:
> On 04/30/2010 07:05 AM, McDowell, Brett wrote:
> Yeahbut... there are zillions of mailing lists out there. How do you
> know the good ones
> from the bad ones? Keep in mind, of course, that bad guys can resign
> too, and they can
> easily make themselves look like a mailing list if that's something that
> gives them
> advantage.
Yes, but the fundamental property of mailing lists is that you sign up to
them. So if you receive a message from a mailing list that you never
subscribed to you (and the phisher in unlikely to know what you are
subscribed to, except that you are certainly not subscribed to his bogus
list) then you do not trust any signature created by that list manager.
Generally speaking, if you sign up to a list, you do so or a reason, and
you have a pretty good idea of who is running the list and for what
purpose.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim
mailing list