You didn't miss anything; this was an addition in the -10 version of the
draft. It was inserted in response to a Discuss concern expressed by
Cullen Jennings in IESG review.
The concern we were addressing was that the ability for a TLD (or
similar entity, such as .co.uk) to have keys published would give the
power for a key to be very widely valid. Consequently, if some sort of
DNS or similar compromise were found that would make such a key appear,
it would have a widespread impact. Providing a way for the verifier to
not accept keys published by TLDs and the like blunts the value of that
attack.
In the example you gave, the existence of keys that are valid for the
entire TLD should make other domains in that TLD nervous. The g= tag
only constrains the local-part of the address; there is no way to
restrict a key published in a TLD to a particular domain or domains.
The ability to sign for a subdomain applies to all subdomains, and is
intended for use only when the subdomains are under common administration.
-Jim
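The verifier-side policy Jim describes (refusing keys published by a TLD or similar entity, and allowing a d= key to cover only its own subdomains), as an added Python example that is not code from the thread or from any DKIM implementation; the deny list and the sample DKIM-Signature tags are constructed for illustration.

```python
import re

# Constructed list of domains a verifier treats as "not valid signing
# entities" (RFC 4871 section 6.1.1). Assumption: loaded from configuration.
NOT_VALID_SIGNING_ENTITIES = {"com", "net", "org", "uk", "co.uk"}


def parse_tags(header_value):
    """Parse a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for item in header_value.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def key_query_name(tags):
    """DNS name the verifier would query: <selector>._domainkey.<d>."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"].lower().rstrip("."))


def signing_domain_allowed(d, deny=NOT_VALID_SIGNING_ENTITIES):
    """Reject a single-label d= (a bare TLD) or any listed registry suffix."""
    d = d.lower().rstrip(".")
    return "." in d and d not in deny


def identity_within_domain(tags):
    """The i= domain must equal d= or be a subdomain of it: a key at d=
    covers all of its subdomains, and g= (local-part only) cannot narrow that."""
    d = tags["d"].lower().rstrip(".")
    identity = tags.get("i", "@" + d).lower()
    i_domain = identity.rsplit("@", 1)[1].rstrip(".")
    return i_domain == d or i_domain.endswith("." + d)


def evaluate(header_value):
    """Return ('reject', reason) or ('lookup', dns_name) for a signature."""
    tags = parse_tags(header_value)
    if not signing_domain_allowed(tags["d"]):
        return ("reject", "d=%s is not a valid signing entity" % tags["d"])
    if not identity_within_domain(tags):
        return ("reject", "i= domain is outside d=")
    return ("lookup", key_query_name(tags))


# Constructed sample: the key at blah._domainkey.com from the thread.
SAMPLE_TLD_SIG = "v=1; a=rsa-sha256; d=com; s=blah; i=@example.com; b=xyz"
```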
John Levine wrote:
I never noticed until now the text in 6.1.1 saying that an
implementation can keep a list of domains that are "not valid signing
entities". I'm not suggesting we change it, but what was the idea of
this paragraph?
If Verisign were to offer signing keys for mail from .com registrants
(no doubt at extra cost) and published some keys at
blah._domainkey.com, why would those signatures be any worse than
anyone else's?
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html