Jim Fenton asked me to write a blurb on this after discussing it with him at the DKIM conference in Santa Clara.
My understanding of the rules around the domain and the identity of a message is that the identity (i=) must always be the same as the domain (d=), OR a subdomain of it. Then, the public key published at <selector>._domainkey.<domain> will be looked up. I am not, however, aware of any mechanism for preventing a malicious TLD operator from publishing a key at _domainkey.<tld>.

This suggests to me that it's quite possible for the operators of the TLD, whether that's Verisign or some government-controlled agency, to send mail with d=tld and [EMAIL PROTECTED], and that such a message's signature would validate. To hit closer to home, for me, a sufficiently ill-conceived SiteMinder-like scheme by Verisign could permit them to send signed mail with the identity [EMAIL PROTECTED] by signing as d=com.

Obviously the TLD operators in most countries probably would not risk the legal challenges to doing something like this, but it opens up avenues of abuse where the TLD is operated by the government or, potentially, even by a disgruntled key employee or agent of an independent TLD operator. This may simply be "as designed", but it is, IMO, worth documenting.

-- Mike

_______________________________________________
NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html
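The i=/d= relationship and the key-lookup name described in the post, worked through as a small verifier-side check. This is an added example, not code from the original post or from any DKIM implementation: it parses a DKIM-Signature tag list, applies the "i= equals d= or is a subdomain of it" rule, builds the `<selector>._domainkey.<domain>` name, and adds an extra policy flag (this example's own idea, not part of DKIM) that marks a signature whose d= is a bare top-level label. The sample header values and the TLD_LABELS set are constructed for the example; a real verifier would consult the Public Suffix List instead of a hand-written set.

```python
"""Check the DKIM i=/d= relationship and key-lookup name for a DKIM-Signature
value, and flag signatures whose d= is a bare top-level domain label."""

# Constructed set of labels treated as TLDs for this example only (assumption);
# a real verifier would use the Public Suffix List.
TLD_LABELS = {"com", "net", "org", "uk", "gov"}

# Constructed sample DKIM-Signature values (not real messages).
SIG_NORMAL = ("v=1; a=rsa-sha256; d=example.com; s=sel1; "
              "i=user@mail.example.com; h=from:to:subject; bh=AAAA; b=BBBB")
SIG_TLD_SIGNER = ("v=1; a=rsa-sha256; d=com; s=sel1; "
                  "i=user@example.com; h=from:to:subject; bh=AAAA; b=BBBB")
SIG_MISMATCH = ("v=1; a=rsa-sha256; d=example.org; s=sel1; "
                "i=user@example.com; h=from:to:subject; bh=AAAA; b=BBBB")


def parse_tags(header_value):
    """Split a tag=value list into a dict; tag names lowercased, folding
    whitespace inside values dropped."""
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        tags[name.strip().lower()] = "".join(value.split())
    return tags


def identity_domain(i_tag):
    """Domain part of the i= tag: everything after the last '@'."""
    return i_tag.rpartition("@")[2].lower()


def identity_within_domain(i_domain, d_domain):
    """The i= domain must equal d= or be a subdomain of it (case-insensitive)."""
    i_domain, d_domain = i_domain.lower(), d_domain.lower()
    return i_domain == d_domain or i_domain.endswith("." + d_domain)


def key_record_name(selector, d_domain):
    """DNS name the verifier queries for the signer's public key."""
    return "%s._domainkey.%s" % (selector, d_domain.lower())


def signer_is_tld(d_domain, tld_labels=TLD_LABELS):
    """Policy flag (this example's own, not a DKIM rule): d= is a bare TLD label."""
    return d_domain.lower().strip(".") in tld_labels


def evaluate(header_value):
    """Return the checks a verifier would make before fetching the key."""
    tags = parse_tags(header_value)
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)  # a missing i= defaults to "@" + d=
    return {
        "d": d,
        "i": i,
        "identity_ok": identity_within_domain(identity_domain(i), d),
        "key_name": key_record_name(tags["s"], d),
        "signer_is_tld": signer_is_tld(d),
    }


if __name__ == "__main__":
    for label, sig in (("normal", SIG_NORMAL),
                       ("tld signer", SIG_TLD_SIGNER),
                       ("mismatch", SIG_MISMATCH)):
        print(label, evaluate(sig))
```

Running the block shows the point of the post: the d=com signature passes the i=/d= subdomain rule exactly as a d=example.com one does, and the only thing separating them is a policy decision the verifier makes on its own (here the `signer_is_tld` flag).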
