On Sep 13, 2006, at 4:35 AM, Hector Santos wrote:
It is because of that inconsistent DKIM reception handling
unknowns between different systems, we risk encouraging DKIM bad
actors to proliferate against the new creation of different
potential targets.
In summary, the concern is that there is a risk when you don't
have a common DKIM-BASE handling concept.
Could you give a simple example of this risk? Please be brief.
Real world example - DNSRBL
A bit too brief. : )
I assume you mean RHS-Block-lists based upon the DKIM signing domain?
Whether bad actors use DKIM or not does not appear to represent any
added risk.
The limitations in a DKIM signing domain assessment will be exploited
by bad actors. DKIM has a rather major limitation requiring a
message envelope to be considered independently from that of the
signing domain. This means there _are_ substantial risks for the
RHS-Block-List operator. This limitation requires stronger evidence of
behavior approaching that of a criminal nature. This requirement is
well beyond what is normally adequate for listings in IP address
block-lists.
Could you clarify your concern with a simple example that illustrates
what you want to see changed. Again please be brief, but do provide
the example.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html