Re: [ietf-dkim] double header reality check

2010-10-21 Thread Mark Delany
On Wed, Oct 20, 2010 at 09:38:04PM -0700, Murray S. Kucherawy allegedly wrote: -Original Message- From: John R. Levine [mailto:jo...@iecc.com] Sent: Wednesday, October 20, 2010 5:08 PM To: Murray S. Kucherawy Cc: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] double header

Re: [ietf-dkim] double header reality check

2010-10-20 Thread SM
At 17:53 19-10-10, Mark Delany wrote: In a DKIM world a list server could reasonably use DKIM to bypass this confirm sequence and make your life a bit simpler. Perhaps it relies on Authentication-Results or somesuch. In any event such a list server is actually *more* vulnerable than it is today if

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Mark Delany
On Wed, Oct 20, 2010 at 01:41:03AM -0700, SM allegedly wrote: At 17:53 19-10-10, Mark Delany wrote: In a DKIM world a list server could reasonably use DKIM to bypass this confirm sequence and make your life a bit simpler. Perhaps it relies on Authentication-Results or somesuch. In any event

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Murray S. Kucherawy
-Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Mark Delany Sent: Tuesday, October 19, 2010 5:53 PM To: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] double header reality check Any filter or agent that makes any

Re: [ietf-dkim] double header reality check

2010-10-20 Thread MH Michael Hammer (5304)
-Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Murray S. Kucherawy Sent: Wednesday, October 20, 2010 1:55 PM To: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] double header reality check SNIP There has been

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Hector Santos
MH Michael Hammer (5304) wrote: -Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of Murray S. Kucherawy Sent: Wednesday, October 20, 2010 1:55 PM To: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] double header reality

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Rolf E. Sonneveld
] double header reality check SNIP There has been talk of applying DKIM to technologies like Usenet and HTTP output. Packing DKIM with mail-specific verification requirements could prevent such things from happening. Shall we also add a "but only when used in the email context" clause? Seeing

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Michael Thomas
On 10/20/2010 01:31 PM, Rolf E. Sonneveld wrote: On 10/20/10 9:30 PM, MH Michael Hammer (5304) wrote: Seeing as the M in DKIM stands for Mail, we don't have to put a "but only when used in the email context" clause. If a DKIM like approach is used for other protocols then we might reasonably

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Douglas Otis
On 10/20/10 10:55 AM, Murray S. Kucherawy wrote: I think a lot of this discussion conflates protocol specification with implementation. I'm focused on the former. I maintain that including wording intimating that a DKIM implementation is non-compliant if it fails to do mail format

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Douglas Otis
On 10/20/10 3:19 PM, Murray S. Kucherawy wrote: [] I totally agree that that's an important distinction to make, document, highlight and shout from the rooftops. But... Does it *have* to use RFC2119 normative language? Here's maybe a better way to frame the question: Should we empower

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Steve Atkins
On Oct 20, 2010, at 3:19 PM, Murray S. Kucherawy wrote: Validating mail syntax belongs in the specification for the mail components and DKIM work belongs in the DKIM components. That's why, layer violation or no, I think it's important to distinguish between format errors that are likely

Re: [ietf-dkim] double header reality check

2010-10-20 Thread John R. Levine
Here's maybe a better way to frame the question: Should we empower ourselves to label a DKIM implementation that doesn't do format enforcement as (a) non-compliant, or (b) low-security/low-quality? The latter. Hey, we agree. I think I always said SHOULD rather than MUST. The DKIM spec is

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Michael Thomas
On 10/20/2010 04:36 PM, Steve Atkins wrote: On Oct 20, 2010, at 3:19 PM, Murray S. Kucherawy wrote: Validating mail syntax belongs in the specification for the mail components and DKIM work belongs in the DKIM components. That's why, layer violation or no, I think it's important to

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Scott Kitterman
Michael Thomas m...@mtcc.com wrote: On 10/20/2010 04:36 PM, Steve Atkins wrote: On Oct 20, 2010, at 3:19 PM, Murray S. Kucherawy wrote: Validating mail syntax belongs in the specification for the mail components and DKIM work belongs in the DKIM components. That's why, layer violation or

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Steve Atkins
On Oct 20, 2010, at 6:08 PM, Scott Kitterman wrote: Michael Thomas m...@mtcc.com wrote: On 10/20/2010 04:36 PM, Steve Atkins wrote: On Oct 20, 2010, at 3:19 PM, Murray S. Kucherawy wrote: Validating mail syntax belongs in the specification for the mail components and DKIM work

Re: [ietf-dkim] double header reality check

2010-10-20 Thread Murray S. Kucherawy
-Original Message- From: John R. Levine [mailto:jo...@iecc.com] Sent: Wednesday, October 20, 2010 5:08 PM To: Murray S. Kucherawy Cc: ietf-dkim@mipassoc.org Subject: Re: [ietf-dkim] double header reality check Here's maybe a better way to frame the question: Should we empower

[ietf-dkim] double header reality check

2010-10-19 Thread John R. Levine
So it establishes a false sense of resolving a security issue. Hmmn. I could reiterate for a fourth time why the double header thing is only a security issue in the context of DKIM, but there's clearly something else going on that prevents people from getting it. Here's a question: in the

Re: [ietf-dkim] double header reality check

2010-10-19 Thread Murray S. Kucherawy
-Original Message- From: ietf-dkim-boun...@mipassoc.org [mailto:ietf-dkim-boun...@mipassoc.org] On Behalf Of John R. Levine Sent: Tuesday, October 19, 2010 2:47 PM To: DKIM List Subject: [ietf-dkim] double header reality check So it establishes a false sense of resolving

Re: [ietf-dkim] double header reality check

2010-10-19 Thread Hector Santos
] On Behalf Of John R. Levine Sent: Tuesday, October 19, 2010 2:47 PM To: DKIM List Subject: [ietf-dkim] double header reality check So it establishes a false sense of resolving a security issue. Hmmn. I could reiterate for a fourth time why the double header thing is only a security issue

Re: [ietf-dkim] double header reality check

2010-10-19 Thread Hector Santos
Mark Delany wrote: Only once tools and UAs take advantage of DKIM, do these attacks become relevant. That's why I think this is a DKIM problem. We are wanting tools and UAs to take advantage of DKIM but by doing so they are possibly making themselves more vulnerable to attackers. +1 And