[ietf-dkim] Underscore considerations
Bill.Oxley at cox.com
Bill.Oxley at cox.com
Fri Jun 9 05:23:07 PDT 2006
Just want to clarify
You want to ensure that wildcards and i,g tags can delimit subdomains,
is that correct?
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill.oxley at cox.com
-----Original Message-----
From: ietf-dkim-bounces at mipassoc.org
[mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Douglas Otis
Sent: Thursday, June 08, 2006 8:07 PM
To: Paul Hoffman
Cc: IETF-DKIM
Subject: Re: [ietf-dkim] Underscore considerations
On Jun 8, 2006, at 5:00 PM, Paul Hoffman wrote:
> At 4:35 PM -0700 6/8/06, Jim Fenton wrote:
>> Let's try to construct the problem case: Suppose someone managed to
>> register _domainkey.com. They could then publish keys in that
>> domain,
>> and sign arbitrary messages on behalf of .com. That's obviously a
>> Bad
>> Thing.
>
> Er, why? It is only bad if someone signs messages with "d=com",
> which is unlikely.
Assume that a recipient expects to see the email-address validation
annotation. A bad actor that has obtained or compromised a key at
this location could then sign messages and recipients could see all
the email-address using *.com annotated as having be validated. This
validation, as currently defined in DKIM, is to be accepted.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
More information about the ietf-dkim
mailing list