> -----Original Message-----
> From: [email protected] [mailto:ietf-dkim-
> [email protected]] On Behalf Of Douglas Otis
> Sent: Tuesday, April 27, 2010 12:18 PM
> To: [email protected]
> Subject: Re: [ietf-dkim] Wrong Discussion - was Why mailing lists
> should strip DKIM signatures
>
> While messages with intact DKIM signatures of financial institutions
> offer reasonable protection, acceptance of broken signatures validated
> by some third-party's authentication-results header would impose
> significant risk. Any mailing list that does remove
> authentication-results headers would provide easy exploits of X.

True, if you ignore the main point that got this started: Z trusts Y to do authentication properly and make correct assertions via Authentication-Results. The "trust" here has been established out-of-band. In essence, then, Z treats what Y is saying as always true because of some audit that was done on the work done at Y.

I didn't suggest this should be generally true.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
