On Sat, 2006-05-27 at 08:49 -0700, Paul Hoffman wrote:
At 7:24 AM -0700 5/27/06, Douglas Otis wrote:
If a bad-actor compromised a system handling the private key half of the
published key at d=co.uk, or got lucky cracking the key with a massive
bot-net or specialized hardware, then they would be able to generate
messages with email-addresses annotated as verified for _all_ of
*.co.uk. Compromising a key high in the hierarchy, per the current
draft, would have a huge pay-off when spoofing messages.
This is in the "movie-plot terrorism" realm.
What exactly is far-fetched? DKIM keys and MTA use at the xLDs does not
currently appear to be an immediate concern, allowing this provision,
where any parent domain is assumed authoritative for all sub-domain
email-addresses, gives high-level domains a tremendous advantage over
other email service providers for outbound services.
A high-level domain could offer email-address validation for a broad
range of email-addresses. There does not seem to be any prohibitions
regarding the use of outbound MTAs at xLDs, although there may be
practical reasons for this not being done today. This provision
provides a market incentive for the undesired deployment of keys at
these levels. The absurdity seems to be the authoritative assumption.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html