ietf-dkim

Re: MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues

2007-06-06 23:41:21
A couple of small points:

Jon Callas wrote:
> If you create a suitably-sized RSA key, throw away the private key,
> and put the public key in a DKIM selector, you have made a selector
> that can't have mail signed from it (or if you want to be really
> anal, forging a signature for that selector is equivalent to breaking
> that key).
>
> If you then say, "I sign all mail" for any domain pointing to that
> selector, you've effectively made a cryptographically enforced no-mail,
> no-use, etc. domain using the existing Tinkertoys.

The selector name would be in the signature (which probably isn't
there), not in the policy.  But the same thing can be accomplished by
simply not publishing any key records, which has the advantage also that
it can avoid the computation required to verify a bogus signature.

> In short -- saying "I sign everything" with a non-existent or bogus
> key is the same thing as saying, "You'll never see a valid one of
> these."

But I agree with this statement, which I think is your main point.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
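As an added illustration (not code from the thread or from any DKIM implementation), the following Python toy models the two approaches discussed above, a selector whose private key was discarded versus no key record at all, evaluated under an "I sign all mail" policy. The RSA primes, selector names and zone data are constructed assumptions, and the digest is a toy stand-in for DKIM's real hashing and padding.

```python
# Toy model of "dead-key selector" versus "no key record" under an
# "I sign all mail" policy.  Constructed example; not a DKIM library.

E = 17  # public exponent shared by the toy keys


def make_key(p, q, keep_private):
    """Toy RSA key from two small primes (illustration only; real DKIM
    keys are 1024 bits or more).  The private exponent is computed and
    then dropped when keep_private is False: "throw away the private key"."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)
    return {"n": n, "e": E}, (d if keep_private else None)


LIVE_PUB, LIVE_PRIV = make_key(61, 53, keep_private=True)
DEAD_PUB, _ = make_key(67, 71, keep_private=False)  # private half discarded

# Constructed DNS data for example.com: a working selector, a dead-key
# selector, and (by omission) a "missing" selector with no record at all.
ZONE = {
    "live._domainkey.example.com": LIVE_PUB,
    "deadkey._domainkey.example.com": DEAD_PUB,
}
POLICY = {"example.com": "all"}  # SSP-style "I sign all mail"


def digest(message, n):
    # Toy digest: message bytes as an integer reduced mod n
    # (real DKIM hashes canonicalized headers and body).
    return int.from_bytes(message, "big") % n


def sign(message, priv, pub):
    return pow(digest(message, pub["n"]), priv, pub["n"])


def verify(domain, selector, message, sig):
    """Return (result, rsa_ops): result is 'pass', 'fail' or 'nokey'."""
    key = ZONE.get(f"{selector}._domainkey.{domain}")
    if key is None:
        return "nokey", 0  # no key record: nothing to compute, as Jim notes
    ok = pow(sig, key["e"], key["n"]) == digest(message, key["n"])
    return ("pass" if ok else "fail"), 1


def evaluate(domain, selector, message, sig):
    """Apply the domain policy: under 'all', anything but a passing
    signature is suspicious.  Returns (verdict, result, rsa_ops)."""
    result, ops = verify(domain, selector, message, sig)
    if result == "pass":
        return "accept", result, ops
    if POLICY.get(domain) == "all":
        return "suspicious", result, ops
    return "neutral", result, ops
```

Both the dead-key selector and the absent record end in the same "suspicious" verdict; only the absent record gets there without an RSA operation.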
