ietf-clear

[clear] CLEAR FAQ Typo?

2005-09-08 14:32:50
The FAQ, <http://mipassoc.org/csv/csv-faq.htm>, has the following:

  * Q: What does that look like in "bind" format?
  * A: I advertise the DNS SRV as:

    mailhost        IN      A       <MTA IP address>
                    IN      PTR     _vouch._smtp.csv_vouch
    _client._smtp.host.example.com  SRV 1 2 0 host.example.com

Shouldn't the last line be,

    _client._smtp.mailhost.example.com.  SRV 1 2 0 mailhost.example.com.

in order to match the A and PTR record of mailhost?

Another question about the FAQ: For the question "What will that
software now do?", it is mentioned that a DNA and CSA query are done
in parallel.  However, how can the DNA be done unless the accreditation
service is already known?

If the server is going to use what the client published (a highly
questionable practice), the server would have to do a
_vouch._smtp lookup first before doing an accreditation lookup.

I'm wondering if there is really any value for an SMTP client
to publish vouch records.  In accreditation, the server cannot
trust anything provided by the client, therefore, the server should
already have a predefined set of accreditation services it will query,
regardless of what an SMTP client may claim.  The Security Considerations
section of CSV-DNA should discuss this.

Section 5 of CSV-DNA implies in step 3 that a server can query the
client's vouch record for determining accreditation services to query.
If this is the case, the FAQ does not reflect this scenario.  Since
such behavior is questionable from a security standpoint, should
SMTP client publishing of vouch records even be supported?

What is the value of an SMTP client publishing vouch records?
What real-world cases exist that an SMTP server will make use of
such records?

--ewh
_______________________________________________
ietf-clear mailing list
ietf-clear(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-clear
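The consistency problem raised in the first part of the post (the SRV owner and target naming a different host than the A record) is easy to check mechanically. The following is an added example, not code from the FAQ, the CSV drafts or the list. It parses the quoted BIND-style snippet with a minimal zone parser and reports, for each host with an A record, whether a matching `_client._smtp.<host>` SRV record exists and points back at that host. It assumes an `$ORIGIN` of `example.com.` and uses the documentation address 192.0.2.25 in place of `<MTA IP address>`; the SRV priority, weight and port fields are carried through untouched and not interpreted. Because relative names are qualified against `$ORIGIN` exactly as a name server would, the run on the FAQ snippet also shows why the trailing dots in the proposed correction matter.

```python
"""Added example: check that CSV-CSA SRV records agree with the host's A
record in a BIND-style zone snippet.  Constructed for this post; not the
FAQ's or the CSV drafts' own code."""
from typing import Dict, List, Tuple

# Constructed sample: the FAQ snippet as quoted, with 192.0.2.25 standing
# in for "<MTA IP address>" and an assumed $ORIGIN of example.com.
FAQ_SNIPPET = """\
$ORIGIN example.com.
mailhost        IN      A       192.0.2.25
                IN      PTR     _vouch._smtp.csv_vouch
_client._smtp.host.example.com  SRV 1 2 0 host.example.com
"""

# Constructed sample: the same zone with the SRV line as the post proposes.
CORRECTED_SNIPPET = """\
$ORIGIN example.com.
mailhost        IN      A       192.0.2.25
                IN      PTR     _vouch._smtp.csv_vouch
_client._smtp.mailhost.example.com.  SRV 1 2 0 mailhost.example.com.
"""

Record = Tuple[str, str, Tuple[str, ...]]  # (owner, type, rdata tokens)


def qualify(name: str, origin: str) -> str:
    """Return NAME as an absolute, lower-case domain name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin.lstrip(".")


def parse_zone(text: str, origin: str = ".") -> List[Record]:
    """Minimal zone-file parser: $ORIGIN, blank-owner inheritance, optional
    TTL and class, relative names qualified against the current origin."""
    records: List[Record] = []
    owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
            if not origin.endswith("."):
                origin += "."
            continue
        if line[0].isspace():                     # owner inherited
            if owner is None:
                raise ValueError("record with no owner: " + raw)
        else:
            owner = qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():        # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        rdata: Tuple[str, ...] = tuple(tokens)
        if rtype in ("PTR", "CNAME", "NS"):
            rdata = (qualify(rdata[0], origin),)
        elif rtype == "SRV":
            prio, weight, port, target = rdata
            rdata = (prio, weight, port, qualify(target, origin))
        records.append((owner, rtype, rdata))
    return records


def check_csa(records: List[Record]) -> Dict[str, str]:
    """For each host with an A record, report 'ok', 'missing-srv' or
    'target-mismatch' for its _client._smtp.<host> SRV record.  SRV records
    whose host has no A record are reported as 'orphan-srv'."""
    prefix = "_client._smtp."
    a_hosts = {o for o, t, _ in records if t == "A"}
    srv = {o: r for o, t, r in records if t == "SRV"}
    result: Dict[str, str] = {}
    for host in sorted(a_hosts):
        name = prefix + host
        if name not in srv:
            result[host] = "missing-srv"
        elif srv[name][3] != host:
            result[host] = "target-mismatch"
        else:
            result[host] = "ok"
    for name in srv:
        host = name[len(prefix):] if name.startswith(prefix) else name
        if host not in a_hosts:
            result[host] = "orphan-srv"
    return result


if __name__ == "__main__":
    for label, snippet in (("FAQ", FAQ_SNIPPET), ("corrected", CORRECTED_SNIPPET)):
        print(label, check_csa(parse_zone(snippet)))
```

On the FAQ snippet the check reports `mailhost.example.com.` as `missing-srv` and an orphan SRV for `host.example.com.example.com.` (the relative owner and target each had `$ORIGIN` appended); on the corrected snippet it reports `mailhost.example.com.` as `ok`.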