Douglas Otis:
On Sep 6, 2006, at 5:39 PM, Wietse Venema wrote:
Why? The signature must be valid and the email-address must be
assured to be valid. How is the email-address susceptible?
I can answer that. Exploitation of the mapping from recipient
address to DNS record name, by the application of brute force.
If policy attempts to list all valid email-addresses, then it would
be possible to use these records to discover valid email-addresses as
you suggest.
This is not how the mechanism is envisioned to be used however. As
opposed to John's suggestion, this mechanism would automate
annotations for "select" email-addresses within a domain. These
email-addresses are likely already widely known, and are useful only
in conjunction with a trusted domain. These "select" email-addresses
offer a means to differentiate messages the trusted domain wishes to
automatically convey as trustworthy.
With only a small number of email addresses in a domain, the existing
mechanism is plenty sufficient. Simply use an appropriate selector
field in the DKIM signature. This problem can easily be solved
without introducing complexity in the form of per-user mechanisms.
As far as I can tell, we're talking about a solution for which a
convincing problem has yet to be found.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html