ietf-mailsig

Re: Good as the enemy of OK

2005-01-18 11:19:33


On Tue, 18 Jan 2005, Douglas Otis wrote:

If there is a revocation scheme using records just to revoke specific
accounts (identified within the header with u=xyz01234 as example), then
acceptance of the message may be conditioned upon an address lookup of:

xyz01234._arl.<domain>. 

Let's assume the bad guy (a spammer) got hold of the domain-specific private key.
Now that means they can write any signature they want and insert any "uid"
in there. What you're proposing is that if that happens and the legitimate
domain owner gets to see it, he'll quickly set this uid as invalid.

Let me tell you what is going to happen instead: the spammer is going to either:
 1. Use the same uid that the legitimate domain owner used in recent emails, OR
 2. Use random uids for all their emails.
Either way your system will not help much...

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
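To make the exchange concrete, here is an added example (not code from this thread or from any ietf-mailsig draft) that simulates the per-uid `<uid>._arl.<domain>` revocation lookup and the stolen-key scenario William describes. The in-memory "zone", the HMAC used as a stand-in for the domain signature, the domain `example.org`, and all uids are constructed assumptions.

```python
# Added example: per-uid revocation lookup under a domain-key compromise.
# Not the proposal's own code; everything named here is an assumption.
import hmac
import hashlib
import secrets

DOMAIN = "example.org"

# Constructed stand-in for the domain-specific private key (not a real key).
DOMAIN_KEY = b"domain-signing-key-example"

# Constructed stand-in for DNS: a name <uid>._arl.<domain>. that exists in
# this set means "uid revoked" (the record's actual content is irrelevant here).
ARL_ZONE = set()


def arl_name(uid, domain=DOMAIN):
    """Build the revocation-record name the receiver would look up."""
    return f"{uid}._arl.{domain}."


def revoke_uid(uid):
    """Domain owner publishes a revocation record for one uid."""
    ARL_ZONE.add(arl_name(uid))


def dns_lookup(name):
    """Simulated DNS query: does a record with this name exist?"""
    return name in ARL_ZONE


def sign(key, uid, body):
    """Toy signature: HMAC over the u= header and the body."""
    mac = hmac.new(key, f"u={uid}\n{body}".encode(), hashlib.sha256).hexdigest()
    return {"u": uid, "body": body, "sig": mac}


def verify_signature(msg, key=DOMAIN_KEY):
    """Receiver side check against the domain's (public, here shared) key."""
    expected = hmac.new(key, f"u={msg['u']}\n{msg['body']}".encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["sig"])


def accept(msg):
    """Receiver policy from the thread: valid signature AND uid not revoked."""
    if not verify_signature(msg):
        return "reject: bad signature"
    if dns_lookup(arl_name(msg["u"])):
        return "reject: uid revoked"
    return "accept"


def scenario():
    """Walk through the cases in the thread and return each outcome."""
    ARL_ZONE.clear()
    results = {}

    # Legitimate mail from two of the owner's accounts.
    abused = sign(DOMAIN_KEY, "xyz01234", "hello from account xyz01234")
    live = sign(DOMAIN_KEY, "abc55555", "hello from account abc55555")
    results["live_before_revocation"] = accept(live)

    # Owner notices abuse of xyz01234 and publishes a revocation record.
    revoke_uid("xyz01234")
    results["revoked_uid"] = accept(abused)

    # Spammer holding the stolen domain key, option 1: reuse a uid that the
    # owner's recent legitimate mail still carries.
    reuse = sign(DOMAIN_KEY, live["u"], "buy now")
    results["reused_live_uid"] = accept(reuse)

    # Option 2: a fresh random uid per message; no record can exist for it yet.
    rnd = sign(DOMAIN_KEY, secrets.token_hex(4), "buy now")
    results["random_uid"] = accept(rnd)

    # For contrast: without the key, the signature check still catches it.
    forged = sign(b"wrong-key", "xyz99999", "buy now")
    results["no_key"] = accept(forged)
    return results


if __name__ == "__main__":
    for case, outcome in scenario().items():
        print(f"{case:24s} {outcome}")
```

The revocation lookup only ever removes the one uid the owner has already spotted; with the private key in the spammer's hands, every other uid, reused or freshly invented, verifies and passes, which is the point of the message above.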


