Jim Fenton wrote:

> In some cases (2821-zoo) it appears you agree

Yes, in other words, if DKIM is all you have - either as "signer" or as "checker" - it must still make sense.

> in others it appears that you are describing new threats

Not really, I just like your idea to sort the threats by probability and impact. Then I tried to see what it does with the known ways to get some kind of DKIM PASS result:

Nothing special for "eboy", probability high, impact TBD. If users are misled to think that a PASS is always good they'd be in trouble. But we knew that already.

> (zombie behind the checking agent)

That's interesting if we start to work on something like Authentication-Results: "Just fake it from the inside" is an obvious idea. And "don't let internal mail bypass the check" is an obvious counter-measure.

> Can you provide a list of threats that have not been
> mentioned which you think should be included?

Your idea (probability plus impact) is relevant for the case "zombie before the signing agent". This MUST NOT happen, the impact could be devastating.

Bye, Frank

_______________________________________________
ietf-dkim mailing list
http://dkim.org
