I remember talking about this a long time ago with Jim as a potential
attack. While it remains so, a TLD operator can even more easily
change your NS records too. So, really, the integrity of the DNS is
hinged on TLD operators not doing such evil things. As such, I don't
think DKIM's vulnerability is any greater than, say, the NS record
for bankofamerica.com, right?
I think that that's correct. But this is a different threat, so we
should note it at least.
Stephen.
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html
