ietf-dkim

Re: [ietf-dkim] Issue #1265: Signing by parent domains

2006-05-26 18:56:13

On Fri, 26 May 2006, Paul Hoffman wrote:

> At 6:08 PM -0700 5/26/06, Douglas Otis wrote:
>> ... i=somebody@some-domain.co.uk d=co.uk
>>
>> Currently this is permitted in the base draft which indicates the parent domain is authoritative for sub-domains.
>
> This is absurd. Under which scenario would a signer in some-domain.co.uk possibly put d=co.uk in their signature?

You did not phrase it right. They can obviously put it in, the signature
would just not be valid unless they have access to the key of their parent
domain.
                                                                        V---V
What should be explained is that the parent domain is authoritative for users
in its own and/or child domains when such users have access to full keys
(private and public) with public part published by the parent domain.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
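
Added example, not part of the thread or of the DKIM drafts: a verifier-side check of the d=/i= relationship discussed above. The key is always fetched under d=, so a d=co.uk signature only verifies against a key that co.uk itself publishes. The selector sel1, the sample header and the small suffix set are constructed assumptions, and the public-suffix check is a local policy rather than a draft requirement.

```python
# Added example: constructed inputs, not code from the DKIM drafts or this thread.
import re

# Assumption: tiny stand-in for a real public-suffix list (local policy only).
PUBLIC_SUFFIXES = {"uk", "co.uk", "com", "net", "org"}


def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        # Folding whitespace is not significant in tag values.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def check_identity(header_value):
    """Return (key_query_name, findings) for one signature header value."""
    tags = parse_tags(header_value)
    d = tags.get("d", "").lower().rstrip(".")
    s = tags.get("s", "")
    if not d or not s:
        return None, ["missing d= or s= tag"]
    # i= defaults to "@" + d= when absent.
    i_domain = tags.get("i", "@" + d).rpartition("@")[2].lower().rstrip(".")
    findings = []
    if i_domain != d and not i_domain.endswith("." + d):
        findings.append("i= domain is not d= or a subdomain of d=")
    elif i_domain != d:
        findings.append("parent-domain signature: key lives under " + d)
    if d in PUBLIC_SUFFIXES:
        findings.append("d= is a public suffix (local policy: distrust)")
    # The public key is always looked up under d=, never under the i= domain.
    return s + "._domainkey." + d, findings


# Constructed sample mirroring the i=/d= pair quoted in the thread.
SAMPLE = "a=rsa-sha256; s=sel1; d=co.uk; i=somebody@some-domain.co.uk"

if __name__ == "__main__":
    print(check_identity(SAMPLE))
```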