ietf-dkim

Re: [ietf-dkim] Underscore considerations

2006-06-09 14:15:10
Bill,

I'm not sure I understand the question.  The g= tag (in the key record)
only has to do with the local-part of the address, and can be
wildcarded.  There is no definition of wildcards in the i= address.  The
only 'wildcarding' that exists with respect to subdomains is that
implied by the fact that d= can be a parent domain of i=, so a parent
domain (say, example.com) can sign for a subdomain (*.example.com or
even *.*.example.com, etc.).

Or did I misinterpret your question?

-Jim

Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
Just want to clarify
You want to ensure that wildcards and i,g tags can delimit subdomains,
is that correct?

Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Douglas Otis
Sent: Thursday, June 08, 2006 8:07 PM
To: Paul Hoffman
Cc: IETF-DKIM
Subject: Re: [ietf-dkim] Underscore considerations


On Jun 8, 2006, at 5:00 PM, Paul Hoffman wrote:

  
At 4:35 PM -0700 6/8/06, Jim Fenton wrote:

Let's try to construct the problem case:  Suppose someone managed to
register _domainkey.com.  They could then publish keys in that domain,
and sign arbitrary messages on behalf of .com.  That's obviously a
Bad Thing.

Er, why? It is only bad if someone signs messages with "d=com",
which is unlikely.
    

Assume that a recipient expects to see the email-address validation
annotation.  A bad actor that has obtained or compromised a key at
this location could then sign messages and recipients could see all
the email-addresses using *.com annotated as having been validated.  This
validation, as currently defined in DKIM, is to be accepted.

-Doug
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
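
Added example, not part of the original messages and not code from any DKIM implementation: a verifier-side sketch of the d=/i= relationship Jim describes (i= must be the d= domain or a subdomain of it) and of why d=com is the problem case in the quoted exchange. The function names and the `min_labels` policy are assumptions made for illustration; DKIM as discussed in this thread does not define that policy, and all domains are constructed samples.

```python
def _norm(domain):
    """Lower-case a domain and drop any trailing root dot."""
    return domain.lower().rstrip(".")

def key_query_name(selector, d_tag):
    """DNS name where the verifier looks up the public key for a signature."""
    return f"{selector}._domainkey.{_norm(d_tag)}"

def split_identity(i_tag):
    """Split an i= value into (local_part, domain); the local part may be empty."""
    local, sep, domain = i_tag.rpartition("@")
    if not sep or not domain:
        raise ValueError("i= must contain '@' followed by a domain")
    return local, _norm(domain)

def identity_within_signing_domain(d_tag, i_tag):
    """True when the i= domain equals d= or is a subdomain of d=."""
    d = _norm(d_tag)
    _, i_domain = split_identity(i_tag)
    # Compare on a label boundary so badexample.com does not match example.com.
    return i_domain == d or i_domain.endswith("." + d)

def check_signature_tags(d_tag, i_tag, min_labels=2):
    """Return a list of findings; an empty list means both checks passed.

    min_labels is a local policy assumed for this example: it refuses a
    single-label d= such as "com", whose key would be looked up under
    <selector>._domainkey.com, i.e. inside the domain _domainkey.com.
    """
    findings = []
    d = _norm(d_tag)
    if len(d.split(".")) < min_labels:
        findings.append(f"d={d} has fewer than {min_labels} labels")
    if not identity_within_signing_domain(d, i_tag):
        findings.append(f"i={i_tag} is not within d={d}")
    return findings

if __name__ == "__main__":
    # Constructed sample tag values, not taken from real signatures.
    samples = [("example.com", "user@a.b.example.com"),
               ("example.com", "user@badexample.com"),
               ("com", "user@anything.com")]
    for d, i in samples:
        print(key_query_name("sel1", d), check_signature_tags(d, i))
```

With d=com the subdomain test alone passes for every address under .com, so only the added label-count policy produces a finding for that sample.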