You mean when querying the accreditation service?
How would this interact with Verisign's publishing of wildcard
records (e.g. if the accreditation service goes out of business and
its domain name is revoked)?
Given that 20 odd TLDs publish wildcard records today this looks
like a problem regardless of what might happen in any given domain.
This is what happens when you have what the DNS folks call a DNS
hack.
This goal of indirect identification of accreditation services seems
like a positive thing. Has there been any attempt to analyze the
additional overhead?
I don't think it is large. You simply keep a log of the citations
of unknown accreditation services. You feed it back in every now
and again and look to see if you should track them.
Also, as with SPF et al there is the question of feedback from the
recipient: e.g. one might want to have the ability for the recipient
to publish information about what that recipient requires of a
sender. Some unified scheme might be useful, like:
( Sender domain must publish SPF OR DMP
AND Sender must be accredited by any two of {abc, def, ghi, xyz}
AND Sender IP must publish MTAMark)
OR ( Sender must accept address verification probe )
but that's probably a whole nother effort.
I think that is essentially mirroring the WS-Policy work in
web services land.
Pretty bold assertion :-)
It hasn't held true with some DNSBL services. Among other reasons is
the wide variety of definitions of "incorrect," as well as extremely
polar opinions about listing criteria, remedies,
responsibility, et al.
That why I want to avoid static listing. The accreditation services
must be accountable.
Red flag: better would be "these bits are reserved and must be set
to zero." If you don't guarantee they are zero from the outset,
it's hard to make sure you can use them in the future.
I don't want acceptors to assume that they will be zero. I want
them to be ignored.
Do you really anticipate using NAPTR?
Hey look who is the co-chair of the MARID-WG...
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg