On Feb 4, 2009, at 10:40 AM, Eliot Lear wrote:
> Doug Otis cites the case I wonder as to whether it exists. One
> could envision all sorts of things going on within the LHS of the
> @, like an encrypted username with a nonce. I can't say whether
> anybody actually does that or wants to do that.

Imagine that in the near future, DKIM becomes a major factor in
determining message acceptance. This might occur when there are too
many IPv6 addresses to utilize block-lists that are too large to
economically track and publish. Not only might the list size become
problematic, evidence must also be retained for each listing. An
inability to publish block-lists will then mean acceptance is likely
to be based upon white-listed IP addresses of SMTP clients. For
messages from SMTP clients outside the white-lists, something like
DKIM might play a greater role. When it does, it becomes important to
protect DKIM signatures from being abused.

A domain not having any problem with their accounts will not need to
worry about the stability of the i= value. For those that find their
signatures abused, there will be a limit as to the number of i=
entries that can be tracked. Once this i= limit is exceeded, use of
the domain's DKIM signature as a basis for acceptance will have become
impractical. On the other hand, when the i= value is stable, abuse
will be easier to handle, as it should not increase much beyond the
total number of problematic accounts.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
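
The tracking argument in the message above, sketched as an added example that is not part of the original post or of any DKIM implementation: a receiver keeps a capped per-domain table of abusive i= values, and a per-message nonce in the local part exhausts it while a stable i= does not. The class and function names, the limit of 10, the `.example` domains and the sample headers are assumptions constructed for illustration, and i= is assumed to carry no dkim-quoted-printable encoding.

```python
import re

def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header_value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        name, sep, value = part.partition("=")  # first "=" only; b= may contain more
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def signing_identity(header_value):
    """Return (d, i). When i= is absent it defaults to "@" + d."""
    tags = parse_tags(header_value)
    d = tags["d"].lower()
    return d, tags.get("i", "@" + d)

class IdentityTracker:
    """Receiver-side table of abusive i= values, capped per signing domain."""
    def __init__(self, limit):
        self.limit = limit       # hypothetical per-domain i= limit
        self.bad = {}            # d -> set of i= values reported as abusive
        self.overflowed = set()  # domains whose i= values exceeded the limit

    def report_abuse(self, header_value):
        d, i = signing_identity(header_value)
        if d in self.overflowed:
            return
        entries = self.bad.setdefault(d, set())
        entries.add(i)
        if len(entries) > self.limit:   # too many identities to track
            self.overflowed.add(d)
            del self.bad[d]

    def verdict(self, header_value):
        d, i = signing_identity(header_value)
        if d in self.overflowed:
            return "signature-not-usable"
        return "identity-blocked" if i in self.bad.get(d, ()) else "signature-usable"

def sample(domain, local):
    # Constructed header; bh= and b= are placeholders, not real hashes.
    return f"v=1; a=rsa-sha256; d={domain}; s=sel;\r\n\ti={local}@{domain}; bh=xx; b=yy"

def demo(limit=10, reports=100):
    t = IdentityTracker(limit)
    for n in range(reports):
        acct = n % 3  # three problematic accounts at each domain
        t.report_abuse(sample("stable.example", f"user{acct}"))
        t.report_abuse(sample("nonce.example", f"user{acct}.{n:04x}"))  # per-message nonce
    return t
```

With the same three problematic accounts at each domain, `demo()` leaves three tracked entries for the stable domain and marks the nonce domain as overflowed.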