>> >> Bad actors will find signatures surviving as a result of the 'l=n' >> parameter, can then add their malware which might be a very innocent >> looking URI pointing to some provider's AUP. This message can then be >> sent in bulk anywhere. The innocent URI may still cause an exploit to >> occur, and recipients might have thought they were trusting you. >> So who >> is hurt? >> >> Of course, the DKIM community will then need to explain to these >> end users >> about this wonderful feature that allowed them to be completely >> confused. > > My answer is that the ISP who fails to scan a message, is an idiot > and deserves to go out of business. > > Come on, Doug. You're saying that DKIM is this magic thing that > obviates the need for virus scanning. Pull the other one.
Rather than blaming end users or ISP for failing to detect a possible exploit, especially those that cross domains where a portion of the threat is not seen (and might even be innocent on its own), the issue is with DKIM offering a protection scheme where the recipient is _likely_ confused about who sent what. The blame MUST be placed on DKIM and no where else. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
