[ietf-dkim] Delegating responsibility: a make vs. buy design
fenton at cisco.com
Sun Aug 20 22:34:13 PDT 2006
Scott Kitterman wrote:
> Yes, but the fundamental operational problem will be to pick the correct
> domain to sign with. You have to make that decision either way. The basis
> upon which you make the decision is the same. I agree that the result LOOKS
> less ambiguous with the NS delegation approach, but the fundamental security
> issue is don't pick the wrong domain to sign with and that's no different.
When using the "authorized signing domains" approach, the signer uses
its own domain name, not that of the domain doing the delegation. I
don't see where there is a choice for the signer to make (which is also
the source of the ambiguity).