Bill,
I'm not sure I understand the question. The g= tag (in the key record)
only has to do with the local-part of the address, and can be
wildcarded. There is no definition of wildcards in the i= address. The
only 'wildcarding' that exists with respect to subdomains is that
implied by the fact that d= can be a parent domain of i=, so a parent
domain (say, example.com) can sign for a subdomain (*.example.com or
even *.*.example.com, etc.).
Or did I mis-interpret your question?
-Jim
Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
Just want to clarify
You want to ensure that wildcards and i,g tags can delimit subdomains,
is that correct?
Bill Oxley
Messaging Engineer
Cox Communications, Inc.
Alpharetta GA
404-847-6397
bill(_dot_)oxley(_at_)cox(_dot_)com
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Douglas Otis
Sent: Thursday, June 08, 2006 8:07 PM
To: Paul Hoffman
Cc: IETF-DKIM
Subject: Re: [ietf-dkim] Underscore considerations
On Jun 8, 2006, at 5:00 PM, Paul Hoffman wrote:
At 4:35 PM -0700 6/8/06, Jim Fenton wrote:
Let's try to construct the problem case: Suppose someone managed to
register _domainkey.com. They could then publish keys in that
domain,
and sign arbitrary messages on behalf of .com. That's obviously a
Bad
Thing.
Er, why? It is only bad if someone signs messages with "d=com",
which is unlikely.
Assume that a recipient expects to see the email-address validation
annotation. A bad actor that has obtained or compromised a key at
this location could then sign messages and recipients could see all
the email-address using *.com annotated as having be validated. This
validation, as currently defined in DKIM, is to be accepted.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html