[ietf-dkim] Underscore considerations
Steve Atkins
steve at blighty.com
Fri Jun 9 08:02:40 PDT 2006
On Jun 9, 2006, at 7:32 AM, Paul Hoffman wrote:
> At 8:53 PM -0700 6/8/06, SM wrote:
>> Hi Jim,
>> At 16:35 08-06-2006, Jim Fenton wrote:
>>> Let's try to construct the problem case: Suppose someone managed to
>>> register _domainkey.com. They could then publish keys in that
>>> domain,
>>> and sign arbitrary messages on behalf of .com. That's obviously
>>> a Bad
>>> Thing.
>>
>> Domain names are limited to alphabetic characters, digits and hyphen.
>
> No, *host names* are restricted to alphabetic characters, digits
> and hyphen. This has been discussed, ad nauseum, for decades.
No, *host names* are scarcely restricted at all. You may wish it were
otherwise, but it's not the case. In particular, underscores are
downright common in hostnames, and most DNS servers don't put any
constraints on them. There are RFC requirements on them, sure, but
most people naming hosts aren't aware of them, they're not enforced
by software and nothing bad happens when you violate them.
About the only thing you can rely on is that most (all?) registries
enforce those character restrictions in domains registered with them.
Which, fortunately, is enough to avoid the _domainkey.com "problem".
Cheers,
Steve
More information about the ietf-dkim
mailing list