RE: [Exim] Yahoo DomainKeys...

Author: Ring, John C
Date:
To: exim-users
Subject: RE: [Exim] Yahoo DomainKeys...
I'm just trying to mull over in my mind why this would be so much better
than http://spf.pobox.com/. Here are some of my first thoughts.

SPF major weakness - DNS spoofing and IP spoofing SMTP connections of the
valid IP address(es) advertised by SPF.

Yahoo! DomainKeys major weakness - DNS spoofing.

Perhaps I'm mistaken, but it seems to me that DNS spoofing is not more
difficult than IP spoofing of an SMTP session. Since a successful DNS spoof
of the relevant TXT record would negate either system, there's not much
point to the crypto part of DomainKeys, which only protects against the 2nd
attack vector on SPF.

Now, of course perhaps ONE DAY we'll have secure DNS widely deployed, but it
seems likely that IPsec will also be widely deployed by then, which would
address both SPF weaknesses. So it seems to me that both systems are pretty
much equal with regards to being attacked, both today and in the future.

Given that, since no one is claiming a trademark on SPF, it's easier to
implement, and it's less computationally expensive, SPF seems to me the
better choice of the two.

--------------------------
John C. Ring, Jr.
jcring@???
Network Engineer
Union Switch & Signal Inc.