On Tue, Feb 14, 2006 at 03:21:35PM -0800, Markley, Mike allegedly wrote:
> Jim Fenton asked me to write a blurb on this after discussing it with
> him at the DKIM conference in Santa Clara.
>
> My understanding of the rules around the domain and the identity of a
> message is that the identity (i=) must always be the same as the domain
> (d=), OR a subdomain of it. Then, the public key published at
> <selector>._domainkey.<domain> will be looked up.
>
> I am not, however, aware of any mechanism for preventing a malicious TLD

Presumably a malicious TLD operator can also change what name servers
answer for your domain in which case they can completely assume your
identity as far as DKIM is concerned.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html
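
The i=/d= rule and key lookup name described in the quoted message, as an added example that is not part of the original thread and not taken from any DKIM implementation. The function names and sample headers are hypothetical, and the default of i= to "@" plus the d= value when i= is absent is assumed from RFC 6376.

```python
def parse_tags(header_value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip()] = value.strip()
    return tags


def identity_in_domain(i_domain, d_domain):
    """True if i_domain equals d_domain or is a subdomain of it.

    Compares whole DNS labels, so "notexample.com" is not accepted as
    being inside "example.com" the way a plain suffix match would.
    """
    i_labels = i_domain.lower().rstrip(".").split(".")
    d_labels = d_domain.lower().rstrip(".").split(".")
    return len(i_labels) >= len(d_labels) and i_labels[-len(d_labels):] == d_labels


def key_query_name(header_value):
    """Return <selector>._domainkey.<domain>, or raise ValueError."""
    tags = parse_tags(header_value)
    if not tags.get("d") or not tags.get("s"):
        raise ValueError("missing d= or s= tag")
    d = tags["d"]
    identity = tags.get("i", "@" + d)  # assumption: RFC 6376 default for i=
    if "@" not in identity:
        raise ValueError("i= has no @domain part")
    i_domain = identity.rsplit("@", 1)[1]
    if not identity_in_domain(i_domain, d):
        raise ValueError("i= domain %r is not within d= domain %r" % (i_domain, d))
    return ("%s._domainkey.%s" % (tags["s"], d)).lower()


# Constructed sample headers (not from the thread).
GOOD = "d=example.com; s=sel1; i=user@mail.example.com"
NO_IDENTITY = "d=example.com; s=sel1"
LOOKALIKE = "d=example.com; s=sel1; i=user@notexample.com"

if __name__ == "__main__":
    for sample in (GOOD, NO_IDENTITY, LOOKALIKE):
        try:
            print(sample, "->", key_query_name(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

This only validates the relationship between the tags; the key is still whatever DNS returns for that name, which is the trust the reply above is concerned with.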