Date: Sun, 6 Apr 2008 23:06:25 -0700
From: dhc(_at_)dcrocker(_dot_)net
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] New Issue: protecting a domain name vs. protecting a
domain tree
3. At least one of the sub-tree mechanisms is attempting to glean
information
from the absence of publisher action. Let me explain:
I believe the desire with checking the A record is similar to the idea
behind having ADSP in the first space.
Dave,
Like others I am guessing that you are referring to section 4.2.2 step 2. In
that step it explicitly says that you can check for any record you want and the
semantics of the returned record itself are basically irrelevant only the
existence of some response other than NXDOMAIN matters. In the case of an
NXDOMAIN I didn't read that section as intuiting any policy. It just says to
return an error which I read as something different than, return some specific
result. Since the domain doesn't exist the administrator can't have been
expected to create a policy for it so error seems like the right answer to me.
Otherwise to create policies for all of my domains I would have to create
policies not just for all existing sub-domains of that domain (which I
personally would support) but all conceivable sub-domains of a domain (which I
don't think I would).
Robert
_________________________________________________________________
Pack up or back up–use SkyDrive to transfer files or keep extra copies. Learn
how.
hthttp://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_packup_042008
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html