[ietf-dkim] Delegating responsibility: a make vs. buy design
decision
Jim Fenton
fenton at cisco.com
Sun Aug 20 22:34:13 PDT 2006
Scott Kitterman wrote:
> Yes, but the fundamental operational problem will be to pick the correct
> domain to sign with. You have to make that decision either way. The basis
> upon which you make the decision is the same. I agree that the result LOOKS
> less ambiguous with the NS delegation approach, but the fundamental security
> issue is don't pick the wrong domain to sign with and that's no different.
>
When using the "authorized signing domains" approach, the signer uses
its own domain name, not that of the domain doing the delegation. I
don't see where there is a choice for the signer to make (which is also
the source of the ambiguity).
-Jim
More information about the ietf-dkim
mailing list