ietf-dkim

Re: [ietf-dkim] Issue #1265: Signing by parent domains

2006-05-27 07:28:16
On Fri, 2006-05-26 at 18:24 -0700, Paul Hoffman wrote:
> At 6:08 PM -0700 5/26/06, Douglas Otis wrote:
>> ... i=somebody@some-domain.co.uk d=co.uk
>>
>> Currently this is permitted in the base draft which indicates the
>> parent domain is authoritative for sub-domains.
>
> This is absurd. Under which scenario would a signer in
> some-domain.co.uk possibly put d=co.uk in their signature?

If a bad actor compromised a system handling the private key half of the
published key at d=co.uk, or got lucky cracking the key with a massive
botnet or specialized hardware, then they would be able to generate
messages with email addresses annotated as verified for _all_ of
*.co.uk.  Compromising a key high in the hierarchy, per the current
draft, would have a huge pay-off when spoofing messages.

Not allowing this unconfirmed assertion that the "parent is always
authoritative for email addresses within sub-domains" removes any
special concern that exists with regard to MTA security at some higher
level. Remove this baseless assertion, and then security can be
strengthened according to the need at the level being verified.

-Doug
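The check the message is arguing about, as an added example that is not part of the list discussion and not code from any DKIM implementation: a verifier-side test of whether the d= signing domain may vouch for the i= identity, run under the "parent signs for all sub-domains" rule of the draft and under a stricter exact-match rule. The tag parser, the policy names and the header values and identities are assumptions constructed for illustration.

```python
"""Compare the DKIM i= identity against the d= signing domain under two
policies: the draft's "parent vouches for every sub-domain" rule and an
exact-match rule.  Added example; headers and identities are constructed.
"""
import re


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature field body into a {tag: value} dict.

    Folding whitespace inside values is removed.  Raises on a part with
    no '=' so a malformed header is not silently accepted.
    """
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % part)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def identity_domain(i_value):
    """Return the domain part of an i= value ('[local-part]@domain')."""
    if "@" not in i_value:
        raise ValueError("i= value has no '@': %r" % i_value)
    return i_value.rsplit("@", 1)[1].rstrip(".").lower()


def is_same_or_subdomain(child, parent):
    """True if child equals parent or lies below it in the DNS tree.

    The '.' is part of the suffix test so that 'evilco.uk' is not
    mistaken for a sub-domain of 'co.uk'.
    """
    child = child.rstrip(".").lower()
    parent = parent.rstrip(".").lower()
    return child == parent or child.endswith("." + parent)


def check_signing_scope(dkim_header, policy="subdomain"):
    """Decide whether d= may vouch for i= under the given policy.

    policy='subdomain': the signing domain vouches for itself and for
        every domain beneath it (the rule the message objects to).
    policy='exact': the identity domain must equal the signing domain.
    Returns (accepted, reason).
    """
    if policy not in ("subdomain", "exact"):
        raise ValueError("unknown policy %r" % policy)
    tags = parse_dkim_tags(dkim_header)
    if "d" not in tags:
        return False, "missing d= tag"
    d = tags["d"].rstrip(".").lower()
    # A missing i= is taken to mean '@' followed by the d= domain.
    idom = identity_domain(tags.get("i", "@" + d))
    if not is_same_or_subdomain(idom, d):
        return False, "i= domain %s is not within d= %s" % (idom, d)
    if policy == "exact" and idom != d:
        return False, "exact policy: i= domain %s differs from d= %s" % (idom, d)
    return True, "ok"


def identities_covered(signing_domain, identities, policy="subdomain"):
    """Identities a single key published at signing_domain could vouch for.

    This is the pay-off the message describes: under the sub-domain rule
    one key at co.uk covers every address below co.uk, under exact match
    only addresses at co.uk itself.
    """
    covered = []
    for ident in identities:
        # Constructed header; only d= and i= matter to this check.
        hdr = "v=1; a=rsa-sha256; d=%s; i=%s; s=sel; h=from:to" % (
            signing_domain, ident)
        accepted, _ = check_signing_scope(hdr, policy)
        if accepted:
            covered.append(ident)
    return covered


if __name__ == "__main__":
    # Constructed values, not taken from any real message.
    cross_signed = ("v=1; a=rsa-sha256; d=co.uk; s=sel; "
                    "i=somebody@some-domain.co.uk; h=from:to:subject")
    print(check_signing_scope(cross_signed, "subdomain"))
    print(check_signing_scope(cross_signed, "exact"))
    targets = ["somebody@some-domain.co.uk", "ceo@bank.co.uk",
               "user@evilco.uk", "root@co.uk"]
    print(identities_covered("co.uk", targets, "subdomain"))
    print(identities_covered("co.uk", targets, "exact"))
```

The sub-domain test must include the leading dot; a bare `endswith("co.uk")` would let a key at co.uk vouch for evilco.uk as well.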

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html