Markley, Mike wrote:
> I am not, however, aware of any mechanism for preventing a
> malicious TLD operator from publishing a key at
> _domainkey.<tld>. This suggests to me that it's quite
> possible for the operators of the TLD, whether that's
> Verisign or some government-controlled agency, can then
> send mail with d=tld and [EMAIL PROTECTED], and that such
> a message's signature would validate.

Hi, that sounds like a general "bug" or "feature" not limited
to TLDs; it would be the same with, say, ac.uk or navy.mil SLDs,
or any other domain with "independent" (zone cut) subdomains.

> Obviously the TLD operators in most countries probably would
> not risk the legal challenges to doing something like this,

Some TLDs are rather small, some even have an IP like "ordinary"
example.com domains. I wouldn't bet that, say, "tv" is always
"better" than ordinary domains wrt "independent" subdomains
(there must be a proper term for this case, please correct me).

> This may simply be "as designed", but it is, IMO, worth
> documenting.

Yes, but I'd say the general case has to be documented; it's
not limited to TLDs.

Bye, Frank

_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html
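
A verifier-side policy check for the case discussed in this thread, added here as an example and not part of the original messages: it parses a DKIM-Signature header, derives the key lookup name under _domainkey, and flags signatures whose d= is a parent zone with independently operated subdomains. The PARENT_ZONES set, the function names and the sample headers are constructed assumptions; a deployment would use a maintained suffix list.

```python
import re

# Constructed sample of parent zones whose subdomains are run by other
# parties (assumption for this example, not an authoritative list).
PARENT_ZONES = {"com", "tv", "uk", "ac.uk", "mil", "navy.mil"}

def parse_tags(header_value):
    """Parse the tag=value list of a DKIM-Signature header."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Folding whitespace carries no meaning in d=, s= and i=.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def assess(header_value):
    """Return (key_query_name, findings) for one DKIM-Signature header."""
    tags = parse_tags(header_value)
    d = tags["d"].lower().rstrip(".")
    s = tags["s"].lower()
    # When i= is absent, the signing identity defaults to "@" + d.
    i_domain = tags.get("i", "@" + d).rsplit("@", 1)[-1].lower().rstrip(".")
    findings = []
    if i_domain != d and not i_domain.endswith("." + d):
        findings.append("i= domain is neither d= nor a subdomain of it")
    if d in PARENT_ZONES:
        findings.append("d= is a parent zone, not a registrant's own domain")
        if i_domain != d:
            findings.append("i= names an identity in a zone below d=")
    # The verifier fetches the public key from this name, which only the
    # operator of the d= zone can publish.
    return f"{s}._domainkey.{d}", findings

# Constructed sample headers (bh= and b= values are placeholders).
SAMPLE_PARENT = ("v=1; a=rsa-sha256; d=tv; s=sel1; i=user@example.tv;"
                 " h=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==")
SAMPLE_NORMAL = ("v=1; a=rsa-sha256; d=example.tv; s=sel1;"
                 " h=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==")

if __name__ == "__main__":
    for sample in (SAMPLE_PARENT, SAMPLE_NORMAL):
        print(assess(sample))
```

The cryptographic check itself passes in the flagged case, so a rule like this has to run as local policy after signature verification.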