[ietf-dkim] Domain ignore list in sec 6.1.1 ?

Jim Fenton fenton at cisco.com
Fri Feb 16 23:25:13 PST 2007


You didn't miss anything; this was an addition in the -10 version of the 
draft.  It was inserted in response to a Discuss concern expressed by 
Cullen Jennings in IESG review.

The concern we were addressing was that the ability for a TLD (or 
similar entity, such as .co.uk) to have keys published would give the 
power for a key to be very widely valid.  Consequently, if some sort of 
DNS or similar compromise were found that would make such a key appear, 
it would have a widespread impact.  Providing a way for the verifier to 
not accept keys published by TLDs and the like blunts the value of that 
attack.

In the example you gave, the existence of keys that are valid for the 
entire TLD should make other domains in that TLD nervous.  The g= tag 
only constrains the local-part of the address; there is no way to 
restrict a key published in a TLD to a particular domain or domains.  
The ability to sign for a subdomain applies to all subdomains, and is 
intended for use only when the subdomains are under common administration.

-Jim

John Levine wrote:
> I never noticed until now the text in 6.1.1 saying that an
> implementation can keep a list of domains that are "not valid signing
> entities".  I'm not suggesting we change it, but what was the idea of
> this paragraph?
>
> If Verisign were to offer signing keys for mail from .com registrants
> (no doubt at extra cost) and published some keys at
> blah._domainkey.com, why would those signatures be any worse than
> anyone else's?
>
> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
> "More Wiener schnitzel, please", said Tom, revealingly.
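
The verifier-side behaviour discussed in this thread, as an added example that is not from the list, the draft, or any DKIM implementation: a pre-check that refuses to fetch a key when d= is on a locally configured list of "not valid signing entities" (constructed here from a few TLD and registry suffixes), confirms that the i= identity lies within d=, and applies the key's g= tag to the local-part only, since g= cannot restrict a key to particular subdomains.

```python
"""Verifier pre-checks on a DKIM-Signature's d=, s= and i= tags, plus the g= test.

Added example; the ignore list and the key record below are constructed values.
"""
import re
from typing import Optional

# Assumption: a verifier-maintained set of domains whose published keys are
# ignored, as the thread describes for TLDs and registry suffixes.
NOT_VALID_SIGNING_ENTITIES = {"com", "org", "net", "co.uk", "org.uk"}


def parse_tags(tag_list: str) -> dict:
    """Split a tag=value list (header or key record) into a dict."""
    tags = {}
    for part in tag_list.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags


def within_domain(identity_domain: str, signing_domain: str) -> bool:
    """The i= domain must equal d= or be a subdomain of it."""
    identity_domain, signing_domain = identity_domain.lower(), signing_domain.lower()
    return identity_domain == signing_domain or identity_domain.endswith("." + signing_domain)


def key_query_name(signature_header: str) -> Optional[str]:
    """Return the selector._domainkey.domain name to look up, or None if the
    signature is rejected before any DNS query is made."""
    tags = parse_tags(signature_header)
    d, s = tags.get("d", "").lower(), tags.get("s", "")
    if not d or not s:
        return None
    if d in NOT_VALID_SIGNING_ENTITIES:
        return None  # key published by a TLD or similar: ignore it, never fetch it
    identity = tags.get("i", "@" + d)  # default identity is @d
    if "@" not in identity or not within_domain(identity.split("@", 1)[1], d):
        return None  # i= outside d=: the signer may not vouch for that domain
    return f"{s}._domainkey.{d}"


def local_part_allowed(key_record: str, identity: str) -> bool:
    """Apply the key's g= tag: it constrains only the local-part of i=.
    Default g=* matches everything; an empty g= matches nothing."""
    granularity = parse_tags(key_record).get("g", "*")
    local_part = identity.split("@", 1)[0]
    pattern = re.escape(granularity).replace(r"\*", ".*")  # one '*' wildcard allowed
    return re.fullmatch(pattern, local_part) is not None
```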
