On Thu, 16 Sep 2010 00:45:09 +0100, Hector Santos <[email protected]> wrote:
>> Filename: draft-lindsey-dkim-mailinglists > >> Abstract: >> It is proposed that a Mailing List Manager (MLM) may, under >> certain circumstances, replace the From header field of a message >> before forwarding it in order to prevent its being discarded by >> over-zealous DKIM verifiers/receivers. > > Real good Charles. > > My nit would be it lacks a security section. I think you need to > provide a rational why this proposal ... whats the proper word here, > pick one > > violates, ignores, skips, circumvents > > the security framework policy attempts to provide for the author domain? But I don't think it does. You don't do any of the things I am suggesting unless you have already established there was a valid author doain signature when it arrived, AND created an A-R to record the fact AND re-signed. Of course if you are a malicious MLM, you might have invented the whole thing, but that is already possible. There are already plenty of phishes coming from [email protected], so one coming from ebay%[email protected]. So I don't see that I have created any security loophole that was not already there. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email: [email protected] snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
