ietf-dkim

Re: [ietf-dkim] Re: New Issue: TLD key publication and signing

2006-02-21 08:32:28
Dave Crocker wrote:
As much as I would like to completely dismiss any DNS-"related" attack to the DNS realm, and not DKIM's, I think your point is well-taken and should be documented, for the reason you give.

That said, I suggest a rather simple note:

The nature of the DNS hierarchy gives quite a bit of power to any domain up the hierarchy.

Once one has the ability to redirect the entire subtree to different servers, the rest of the attacks by a parent (or above) become quibbles.

It should be noted that the only thing this affects is SSP.
A delegation cannot be overridden for selectors, with the
exception of gross manipulation of NS records, which is not
a DKIM-specific threat.

                Mike
_______________________________________________
NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html