I never noticed until now the text in 6.1.1 saying that an
implementation can keep a list of domains that are "not valid signing
entities". I'm not suggesting we change it, but what was the idea of
this paragraph?
If Verisign were to offer signing keys for mail from .com registrants
(no doubt at extra cost) and published some keys at
blah._domainkey.com, why would those signatures be any worse than
anyone else's?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html