Douglas Otis wrote:
[]
My suggestion this morning was that if we include this in the security
considerations at all, that we just lift it from the -threats draft since
that has already been vetted.

Here's what's there now:

4.1.18. Key Publication by Higher Level Domain

In order to support the ability of a domain to sign for subdomains
under its administrative control, DKIM permits the domain of a
signature (d= tag) to be any higher-level domain than the signature's
address (i= or equivalent). However, since there is no mechanism for
determining common administrative control of a subdomain, it is
possible for a parent to publish keys which are valid for any domain
below them in the DNS hierarchy. In other words, mail from the
domain example.anytown.ny.us could be signed using keys published by
anytown.ny.us, ny.us, or us, in addition to the domain itself.

Operation of a domain always requires a trust relationship with
higher level domains. Higher level domains already have ultimate
power over their subdomains: they could change the name server
delegation for the domain or disenfranchise it entirely. So it is
unlikely that a higher level domain would intentionally compromise a
subdomain in this manner. However, if higher level domains send mail
on their own behalf, they may wish to publish keys at their own
level. Higher level domains must employ special care in the
delegation of keys they publish to ensure that any of their
subdomains are not compromised by misuse of such keys.

FWIW, I'm neutral as to whether we need to include this threat in -base
or not.
Mike
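
Added example (not part of the original message or of the -threats draft): the parent-domain relationship described in 4.1.18, written as a Python check a verifier could run over a DKIM-Signature value. The review() policy, its max_levels parameter and the sample header values are assumptions made for illustration.

```python
# Added example: relate a DKIM signing domain (d=) to the signed identity (i=).
# The header values in SAMPLES are constructed, not captured mail.

def parse_tags(sig):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def ancestors(domain):
    """Every domain whose published key could cover `domain`, nearest first."""
    labels = domain.lower().rstrip(".").split(".")
    return [".".join(labels[k:]) for k in range(len(labels))]

def levels_above(sig):
    """Number of labels between d= and the i= domain (0 means same domain).
    Raises ValueError if d= is neither the i= domain nor a parent of it."""
    tags = parse_tags(sig)
    d = tags["d"].lower().rstrip(".")
    identity = tags.get("i", "@" + d)  # i= defaults to "@" followed by d=
    i_domain = identity.rsplit("@", 1)[-1].lower().rstrip(".")
    # Membership compares whole labels, so d=town.ny.us does not match anytown.ny.us.
    if d not in ancestors(i_domain):
        raise ValueError(f"d={d} is not a parent of {i_domain}")
    return ancestors(i_domain).index(d)

def review(sig, max_levels=0):
    """Hypothetical local policy: flag signers more than max_levels above i=."""
    try:
        n = levels_above(sig)
    except (ValueError, KeyError):
        return "invalid"
    return "ok" if n <= max_levels else "parent-signed"

SAMPLES = [  # constructed
    "v=1; d=example.anytown.ny.us; s=k1; i=joe@example.anytown.ny.us",
    "v=1; d=ny.us; s=k1; i=joe@example.anytown.ny.us",
    "v=1; d=town.ny.us; s=k1; i=joe@example.anytown.ny.us",
]

if __name__ == "__main__":
    print(ancestors("example.anytown.ny.us"))
    for s in SAMPLES:
        print(review(s), "<-", s)
```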