Douglas Otis wrote:
On Jun 8, 2006, at 5:08 PM, Michael Thomas wrote:
Even if you could, and even if a registrar were boneheaded enough to
shoot their own foot, how hard could it possibly be for a DKIM verifier
to enumerate the TLD's and not accept selectors from that set of
blacklisted _domainkey delegations? Am I missing something?
Imagine a large corporation issues private keys to everyone under
their highest level domain. Why? Because it is easy, which is the
justification made for the 'i=' subdomain feature in the first place.
These individual users can specify any subdomain where perhaps their
localpart is restricted and still have it annotated as verified. Now
some of these keys are captured by the new worm affecting some
program. Spammers can now send valid email messages using billions
of different email-addresses all thanks to the convenience provided
for transmitting messages with the i=@subdomain feature.
Until the selector is revoked by big-domain. This is a non-issue, and is
certainly not the issue under discussion.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
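
Added example, not part of either poster's message: a verifier-side scope check covering both points raised in the thread, refusing a signing domain (d=) that is itself a TLD and confirming that the i= identity sits at or below d=. The TLD set and the sample signature values are constructed for illustration; a real verifier would load a full registry-level list.

```python
# Constructed stand-in for a full list of TLD / registry-level domains (assumption).
TLD_BLOCKLIST = {"com", "net", "org", "uk", "co.uk"}

def parse_tags(header_value):
    """Split a DKIM-Signature header value into a tag -> value dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def check_signature_scope(header_value, blocklist=TLD_BLOCKLIST):
    """Return (accepted, reason) based on the d=, s= and i= tags only."""
    tags = parse_tags(header_value)
    d = tags.get("d", "").lower().rstrip(".")
    s = tags.get("s", "")
    if not d or not s:
        return False, "missing d= or s="
    # Michael Thomas's point: never fetch a key from <selector>._domainkey.<TLD>.
    if d in blocklist:
        return False, f"{s}._domainkey.{d} is a registry-level delegation"
    # Douglas Otis's point: i= may name any subdomain of d= and still verify,
    # so the most a verifier can enforce here is that it stays under d=.
    identity = tags.get("i", "@" + d).lower()
    i_domain = identity.rsplit("@", 1)[-1].rstrip(".")
    if i_domain != d and not i_domain.endswith("." + d):
        return False, "i= domain is not d= or a subdomain of it"
    return True, f"query {s}._domainkey.{d}; identity domain {i_domain}"

# Constructed sample signatures (b=/bh= omitted; only the scope tags matter here).
SAMPLES = [
    "v=1; a=rsa-sha256; d=example.com; s=jun2006; i=user@any.sub.example.com",
    "v=1; a=rsa-sha256; d=com; s=jun2006",
    "v=1; a=rsa-sha256; d=example.com; s=jun2006; i=user@notexample.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_signature_scope(sample))
```

The first sample is accepted with an arbitrary subdomain in i=, which is the behaviour the thread is arguing about; the check bounds i= to the signing domain but does not tie a key to one user.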