Just want to clarify You want to ensure that wildcards and i,g tags can delimit subdomains, is that correct?
Bill Oxley Messaging Engineer Cox Communications, Inc. Alpharetta GA 404-847-6397 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Otis Sent: Thursday, June 08, 2006 8:07 PM To: Paul Hoffman Cc: IETF-DKIM Subject: Re: [ietf-dkim] Underscore considerations On Jun 8, 2006, at 5:00 PM, Paul Hoffman wrote: > At 4:35 PM -0700 6/8/06, Jim Fenton wrote: >> Let's try to construct the problem case: Suppose someone managed to >> register _domainkey.com. They could then publish keys in that >> domain, >> and sign arbitrary messages on behalf of .com. That's obviously a >> Bad >> Thing. > > Er, why? It is only bad if someone signs messages with "d=com", > which is unlikely. Assume that a recipient expects to see the email-address validation annotation. A bad actor that has obtained or compromised a key at this location could then sign messages and recipients could see all the email-address using *.com annotated as having be validated. This validation, as currently defined in DKIM, is to be accepted. -Doug _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
