Paul Hoffman wrote:
At 4:35 PM -0700 6/8/06, Jim Fenton wrote:
Let's try to construct the problem case: Suppose someone managed to
register _domainkey.com. They could then publish keys in that domain,
and sign arbitrary messages on behalf of .com. That's obviously a Bad
Thing.
Er, why? It is only bad if someone signs messages with "d=com", which
is unlikely.
It would be likely if it was a Bad Actor that registered the domain. I
meant to say "a bad actor" rather than "someone".
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html