-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> 2) write a security consideration mentioning the reflection attack, and
>    the likely mitigation that filtering software should view this as
>    out of the ordinary

This is the way I think we should handle it.

Charles Lindsey noted that multiple Froms are legal but rare today,  
but might be common later.

This is a marvelous point, but it never was an intent of DKIM to be  
the perfect mail security system.

If it became common for someone to play a DKIM game with multiple
Froms, then I would expect other software (like SpamAssassin, or even
the MTA) to start flagging it. I can envision the Sendmail/Postfix
option to cause all multiple-from messages to be counted as
DKIM-noncompliant (or whatever word we're using for "suspicious").

That wouldn't be a bug, it would be a feature.

If there is an edge condition that can easily be handled elsewhere in  
the mail system, let them do it.

        Jon



-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFHkTv0sTedWZOD3gYRArEBAKD9x3/jk0dW8sAyLySkXubOVupxEgCg3r0d
t5m5fgflbbFK7xkX8jaF3/I=
=YRoL
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

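Added example, not part of the original message or of any DKIM, Sendmail, Postfix or SpamAssassin code: a sketch of the filter-side check the message describes, flagging mail with more than one From header field or more than one From mailbox. The function names, finding labels, verdict strings and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def from_findings(raw_message):
    """Return From-related anomalies that a filter could score."""
    msg = message_from_string(raw_message)
    from_fields = [str(v) for v in msg.get_all("From", [])]
    mailboxes = [addr for _name, addr in getaddresses(from_fields) if addr]
    findings = []
    if not from_fields:
        findings.append("no-from-field")
    if len(from_fields) > 1:
        # More than one From header field in the same message.
        findings.append("multiple-from-fields")
    if len(mailboxes) > 1:
        # More than one author mailbox, in one field or across several.
        findings.append("multiple-from-mailboxes")
        # RFC 5322 section 3.6.2: Sender must be present in this case.
        if msg.get("Sender") is None:
            findings.append("multi-from-without-sender")
    return findings


def classify(raw_message, multi_from_is_suspicious=True):
    """Hypothetical site option: treat any multiple-From mail as suspicious
    before the DKIM result is trusted for display or reputation."""
    findings = from_findings(raw_message)
    multi = any(f.startswith("multi") for f in findings)
    if multi and multi_from_is_suspicious:
        return "suspicious", findings
    return "continue-to-dkim", findings


# Constructed sample messages (not taken from real traffic).
SINGLE = ("From: Alice <alice@example.org>\n"
          "To: bob@example.net\nSubject: hi\n\nbody\n")
TWO_FIELDS = ("From: Alice <alice@example.org>\n"
              "From: Mallory <mallory@example.com>\n"
              "To: bob@example.net\nSubject: hi\n\nbody\n")
TWO_MAILBOXES = ("From: Alice <alice@example.org>, Carol <carol@example.org>\n"
                 "Sender: alice@example.org\n"
                 "To: bob@example.net\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("single", SINGLE), ("two-fields", TWO_FIELDS),
                      ("two-mailboxes", TWO_MAILBOXES)]:
        print(name, classify(raw))
```
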