On Jun 8, 2006, at 5:51 PM, Michael Thomas wrote:
Douglas Otis wrote:
On Jun 8, 2006, at 5:08 PM, Michael Thomas wrote:
Even if you could, and even if a registrar were boneheaded enough to
shoot their own foot, how hard could it possibly be for a DKIM
verifier to enumerate the TLD's and not accept selectors from that
set of blacklisted _domainkey delegations? Am I missing something?
Imagine a large corporation issues private keys to everyone under
their highest level domain. Why? Because it is easy, which is
the justification made for the 'i=' subdomain feature in the
first place.
These individual users can specify any subdomain where perhaps
their localpart is restricted and still have it annotated as
verified. Now some of these keys are captured by the new worm
affecting some program. Spammers can now send valid email
messages using billions of different email-addresses all thanks
to the convenience provided for transmitting messages with the
i=@subdomain feature.
Until the selector is revoked by big-domain. This is a non-issue,
and is certainly not the issue under discussion.
But this is the issue being discussed. These are serious security
concerns. There is zero containment of local-part namespace between
any subdomains. This too becomes a serious concern and is one of the
problems created. Even if a higher level domain wanted to do DKIM
safely, the MUA signing feature would be a disaster as a result of
this dubious feature.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
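
The two checks argued over in this thread, as an added example that is not from either poster or from any DKIM implementation: a verifier-side policy that refuses a signature whose d= is a TLD-level name and, unless told otherwise, refuses an i= that names a subdomain of d=. The suffix set, the function names, the `allow_subdomain_identity` switch and the sample header values are assumptions constructed for illustration; cryptographic verification of the signature is out of scope.

```python
# Added example: suffix set, names and sample headers are constructed for illustration.
BLOCKED_SUFFIXES = {"com", "net", "org", "uk", "co.uk"}  # small sample, not a full list


def parse_tags(value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def check_signature(header_value, allow_subdomain_identity=False):
    """Return (accepted, reason) for the d= and i= tags of one signature."""
    tags = parse_tags(header_value)
    d = tags.get("d", "").lower().rstrip(".")
    if not d:
        return False, "missing d="
    if d in BLOCKED_SUFFIXES:  # key would sit under e.g. <selector>._domainkey.com
        return False, "d= is a TLD-level delegation"
    identity = tags.get("i", "@" + d)  # i= defaults to @d when absent
    _local, at, i_domain = identity.rpartition("@")
    if not at:
        return False, "malformed i="
    i_domain = i_domain.lower().rstrip(".")
    if i_domain == d:
        return True, "identity in signing domain"
    if not i_domain.endswith("." + d):
        return False, "i= outside d="
    if allow_subdomain_identity:
        return True, "identity in subdomain of d="
    return False, "i= names a subdomain of d="


SAMPLES = [  # constructed header values; b=/bh= omitted
    "v=1; a=rsa-sha256; d=big.example; s=sel1; i=alice@big.example",
    "v=1; a=rsa-sha256; d=big.example; s=sel1; i=x9@any.sub.big.example",
    "v=1; a=rsa-sha256; d=com; s=sel1",
    "v=1; a=rsa-sha256; d=big.example; s=sel1; i=a@notbig.example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_signature(sample), sample)
```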