ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Delegated signatures in real life

2006-08-30 20:28:01
from [John Levine] [Permanent Link] 
But the protocol allows the bulk mailer to create any key records
they like and the protocol as it is written today means that they
are treated by the infrastructure as equivalent.


I suppose the bulk mailer could forge mail from ceo(_at_)orbitz(_dot_)com and
sign it with d=email.orbitz.com, but I don't see why that's any
different from signing it with d=doubleclick.com or any other domain
they control.  The dkim-base treats all d= the same, regardless of
the DNS structure.

What security issue does subdomain delegation introduce here?

R's,
John

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ietf-dkim] Scalability concerns with Designated Signing Domains, Hallam-Baker, Phillip
Next by Date:  RE: [ietf-dkim] Delegated signatures in real life, Scott Kitterman
Previous by Thread:  RE: [ietf-dkim] Delegated signatures in real life, Hallam-Baker, Phillip
Next by Thread:  RE: [ietf-dkim] Delegated signatures in real life, Scott Kitterman
Indexes:  [Date] [Thread] [Top] [All Lists]