ietf-dkim

Re: [ietf-dkim] protecting domains that don't exist

2008-04-28 03:58:26
On Sat, 26 Apr 2008 02:54:36 +0100, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:


    There are a lot of DNS management tools out there that would need to
    change in order to publish the necessary ADSP records, and this would
    take considerable time.

They already need to change, to support one record (for one domain.)
How is there something fundamentally worse about having to support many?

A competent admin sets up his domains correctly, with ADSP records  
corresponding to every A/MX record that should have one.

Then he goes on holiday, or leaves, or whatever, and his junior assistant  
is told by his Boss "I want this machine added to our network, and I want  
it adding NOW". So he creates an A record and leaves it at that.

This is the Real World and that is the way things happen, whether we like  
it or not.

At least the two-level process described in the current draft (which is  
indeed a compromise and a hack) will protect against a very large fraction  
of such "accidents".

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131      Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
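
The failure mode discussed in this message (an A record added in a hurry with no matching ADSP record) can be caught by auditing the zone. The following is an added example, not part of the original message or of any draft: it assumes ADSP records are published as TXT records at `_adsp._domainkey.<name>` as in RFC 5617, and it runs on a constructed, simplified zone listing with fully qualified owner names.

```python
# Added example: list names that have A/AAAA/MX records but no ADSP record.
# Assumption: ADSP records are TXT records at _adsp._domainkey.<name> (RFC 5617).

ADSP_PREFIX = "_adsp._domainkey."
ADDRESS_TYPES = {"A", "AAAA", "MX"}

# Constructed sample zone: one record per line, fully qualified owner names.
SAMPLE_ZONE = """\
example.com.                       IN MX   10 mail.example.com.
_adsp._domainkey.example.com.      IN TXT  "dkim=all"
mail.example.com.                  IN A    192.0.2.10
_adsp._domainkey.mail.example.com. IN TXT  "dkim=all"
newbox.example.com.                IN A    192.0.2.77   ; added in a hurry
www.example.com.                   IN A    192.0.2.20
_adsp._domainkey.www.example.com.  IN TXT  "dkim=discardable"
"""

def parse_records(zone_text):
    """Yield (owner, rtype, rdata) from the simplified zone format above."""
    for line in zone_text.splitlines():
        # Drop trailing comments; adequate here because the sample TXT data
        # contains no semicolons.
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 3)
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue  # not in the simplified "owner IN type rdata" form
        owner, _, rtype, rdata = fields
        yield owner.lower().rstrip("."), rtype.upper(), rdata

def hosts_missing_adsp(zone_text):
    """Return sorted names that have address/MX records but no ADSP TXT record."""
    published, covered = set(), set()
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype in ADDRESS_TYPES:
            published.add(owner)
        elif rtype == "TXT" and owner.startswith(ADSP_PREFIX) and "dkim=" in rdata:
            covered.add(owner[len(ADSP_PREFIX):])
    return sorted(published - covered)

if __name__ == "__main__":
    for name in hosts_missing_adsp(SAMPLE_ZONE):
        print("no ADSP record for", name)
```

Run against each zone after every change, a check like this flags the hurriedly added host before it goes unnoticed.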