ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] draft-ietf-dkim-base-02 // Parent signing securityconsiderations

2006-06-01 13:23:58

On Jun 1, 2006, at 12:39 PM, <Bill(_dot_)Oxley(_at_)cox(_dot_)com> <Bill(_dot_)Oxley(_at_)cox(_dot_)com> wrote:

Doug,
Thanks for the clarification, so an assertion for subdomains that can
"opt out" of parent signing systems so that bill***(_at_)foo(_dot_)com is
authenticated with sig and bob***(_at_)foo(_dot_)com is not?

Partial mitigation of this issue was covered by the proposal:

http://mipassoc.org/pipermail/ietf-dkim/2006q2/003762.html

The ultimate control still remains with the TLD however. There are no mechanisms currently within DKIM to limit sub-domain scopes for i= email-address assurances.

-Doug

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>