On September 8, 2005 at 18:25, John Leslie wrote:
The Security Considerations section of CSV-DNA should discuss this.
Feel free to suggest wording. (I'm not sure how many other readers
will think this belongs in "Security Considerations", though.)
Although it is recommended for SMTP clients to publish _vouch._smtp
records, SMTP servers SHOULD NOT blindly query the domains listed.
An SMTP client may try to publish accreditation domains that
it directly controls, providing the SMTP client with false
If an SMTP client-listed accreditation domain is already known
and trusted by the SMTP server, the SMTP server MAY query the
accreditation domain listed as an optimization step to avoid any
discoverying overhead in determining the client's accreditation
Section 5 of CSV-DNA implies in step 3 that a server can query the
client's vouch record for determining accreditation services to query.
If this is the case, the FAQ does not reflect this scenario.
The FAQ is a personal document; and I personally have no enthusiasm
for the mechanism in Section 5 of DNA.
What machanism do you have enthusiasm for?
ietf-clear mailing list