[ietf-dkim] draft-ietf-dkim-base-02 // Parent signing
securityconsiderations
Douglas Otis
dotis at mail-abuse.org
Thu Jun 1 13:03:06 PDT 2006
On Jun 1, 2006, at 12:39 PM, <Bill.Oxley at cox.com>
<Bill.Oxley at cox.com> wrote:
> Doug,
> Thanks for the clarification, so an assertion for subdomains that can
> "opt out" of parent signing systems so that bill***@foo.com is
> authenticated with sig and bob***@foo.com is not?
Partial mitigation of this issue was covered by the proposal:
http://mipassoc.org/pipermail/ietf-dkim/2006q2/003762.html
The ultimate control still remains with the TLD however. There are
no mechanisms currently within DKIM to limit sub-domain scopes for i=
email-address assurances.
-Doug
More information about the ietf-dkim
mailing list