-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org on behalf of Jon Callas
Sent: Wed 6/6/2007 5:41 PM
To: IETF DKIM WG
Subject: Re: MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have a huge fear that I am beating a dead horse down a rathole. I
also fear that I no longer understand what's being discussed.
However, I want to make a cryptographic observation.

If you create a suitably-sized RSA key, throw away the private key,
and put the public key in a DKIM selector, you have made a selector
that can't have mail signed from it (or if you want to be really
anal, forging a signature for that selector is equivalent to breaking
that key).

If you then say, "I sign all mail" for any domain pointing to that
selector, you've effectively made a cryptographically enforced
no-mail, no-use, etc. domain using the existing Tinkertoys.

In short -- saying "I sign everything" with a non-existent or bogus
key is the same thing as saying, "You'll never see a valid one of
these."

Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.1
Charset: US-ASCII
wj8DBQFGZyrbsTedWZOD3gYRAnBPAJ9NxOueGVa2rZi+UiTzl8GafNaCfQCfQ1KX
OmBByO7xYwGBpLpTV2aidd8=
=BtB1
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
/me is impressed. Excellent KISS solution, thanks,
bill
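
Added example, not part of the original messages: one way to build the selector record Jon describes, with the private key never written to disk, plus a check that a published value still parses as an RSA key of the intended size. The selector name `nomail` and the domain `example.com` are placeholders; the "I sign all mail" policy statement is not shown.

```shell
#!/bin/sh
# Placeholders (assumptions, not values from the thread).
SELECTOR="nomail"
DOMAIN="example.com"

# Generate an RSA key and keep only the public half. The private key
# exists only in the pipe between the two openssl processes, so there
# is nothing to delete afterwards and nothing to leak later.
dead_key_pub_b64() {
    bits="${1:-2048}"
    openssl genrsa "$bits" 2>/dev/null \
        | openssl rsa -pubout -outform DER 2>/dev/null \
        | openssl base64 | tr -d '\n'
}

# DKIM key record value: p= is the base64 of the DER-encoded public key.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s' "$1"
}

# Verify a record value: p= must decode to a parseable RSA public key.
# Prints the modulus size in bits, or nothing if the key does not parse.
dkim_key_bits() {
    p=$(printf '%s' "$1" | sed -n 's|.*; *p=\([A-Za-z0-9+/=]*\).*|\1|p')
    printf '%s' "$p" | openssl base64 -d -A 2>/dev/null \
        | openssl rsa -pubin -inform DER -noout -text 2>/dev/null \
        | sed -n 's|.*(\([0-9]*\) bit).*|\1|p'
}

pub=$(dead_key_pub_b64 2048)
txt=$(dkim_txt_value "$pub")

# A TXT character-string holds at most 255 bytes, so a 2048-bit key has
# to be split into several quoted strings when placed in a zone file.
printf 'name:  %s._domainkey.%s\n' "$SELECTOR" "$DOMAIN"
printf 'value: %s\n' "$txt"
printf 'size:  %s bits\n' "$(dkim_key_bits "$txt")"
```
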