On Sat, 2006-05-27 at 20:26 -0700, Dave Crocker wrote:
A verifier should not expect any parent domain to be authoritative
for what is a valid sub-domain email-address.
No matter how many times you say this, it's still not true.
indeed. which prompts the obvious question: why are folks pursuing this.
This was an attempt to discuss the parent signing issue. It would be
helpful to indicate specifics rather than arguing against the
discussion.
Steve Atkins raised the point that example co.uk does not currently
implement DKIM as to why such concern is unrealistic. A financial
incentive might change this assumption, when allowing any parent to
validate the email-addresses of any sub-domain "as-if" authoritative.
In addition to being at the pinnacle of trust for domain delegations,
without any change in domain delegation, this entity would find
themselves at the pinnacle of trust for email-addresses as well.
Dave, from your response, are you suggesting that ggTLD, ccTLD, SLD,
operators should be considered authoritative for all email-addresses
within their domain? Or are you suggesting these operations should be
precluded from publishing DKIM keys?
John Levine takes the position this is a contractual issue, presumably
between the regulatory bodies and the domain service operators. John,
are you suggesting all future contracts should include a ban on
publishing DKIM keys at these levels?
Proponents desire key publishing simplification by employing what is
often an unrealistic mandate. Most would regard this mandate absurd
when viewed from the perspective their TLD provider. This provider is
now authoritative for whether an email-address within their domain is
valid? The legal and possible security issues trump a publishing
simplification.
The assertion any parent is _always_ authoritative (without any
confirmation) for any sub-domain email-address, together with a lack of
any existing contractual obligations for domain operators, may mean once
a DKIM key is publish at a very high level, this key will be targeted
for attack. Once one such key is compromised, the entire domain is
compromised. One key failure causing a compromise cascade for all
sub-domains seems like a very poor design choice.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html