On Saturday 19 August 2006 18:49, Michael Thomas wrote:
Scott Kitterman wrote:
Yes, but the fundamental operational problem will be to pick the correct
domain to sign with.
If you know the submission authentication information, why is this hard?
They authenticate as foo(_at_)bar(_dot_)com, that means I pick the key for
bar.com
(and potentially foo if there's a g=). This doesn't seem like rocket
science to me.
No, I don't think it's that hard either. One earlier objection, that seemed
to me to be the key concern for some was that in order to make third party
signing safe it would be necessary to pick a different domain to sign with.
My point here is that first party with NS delegation or with an authorization
list it's the same issue.
I think we agree on that point then.
You have to make thatd decision either way. The basis
upon which you make the decision is the same. I agree that the result
LOOKS less ambiguous with the NS delegation approach, but the fundamental
security issue is don't pick the wrong domain to sign with and that's no
different.
No, the fundamental problem is that there's no way for a signer to relay
that
information to the receiver via i= when you're a third party.
OK. I didn't pick that up as the objection earlier (must be my density). Let
me think about that. Off the top of my head, I don't see why it's a major
issue, but I'll think about it.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html