ietf-dkim

Re: SSP RR vs TXT [was Re: [ietf-dkim] SSP and o= values]

2006-03-30 14:26:08


Mark Delany wrote:
policy/practice/(petunia?) records.  The choice of whether to use a new
RR or a TXT key record should be retrieved is something that can be
represented in the signature (the query type, q=, tag has been suggested
which makes sense).

As a practical matter, I don't see how this can actually work to
eliminate the DKK then TXT sequence because you don't know the
capabilities of the verifiers. Can they fetch DKK? No one knows.


1.  signers MUST have a TXT and SHOULD have a new RR.

2.  signers using RR indicate this with q=<newRR>.

3.  verifiers that see q=<newRR> SHOULD query for that RR but MAY query for the TXT.

Single query, no matter what the situation.  No failures, so no fallbacks.

The only risk is having a verifier that does not know whether their DNS client code can support the new RR. Seems a trivial configuration option.

d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
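
The three rules in the message above, as an added example (not code from the original message or from any DKIM implementation): a verifier derives its one key query from the signature's q= tag and a local resolver-capability setting. The `q=dkk` spelling, the use of `DKK` as the new RR's type name, and the function names are assumptions for illustration; the sample signature values are constructed.

```python
import re

NEW_RR = "DKK"  # RR name borrowed from the thread; its q= spelling is assumed

# Constructed sample DKIM-Signature values (not from any real message).
SIG_NEW_RR = "a=rsa-sha1; d=example.com; s=mar2006;\r\n\tq=dkk; b=CONSTRUCTED"
SIG_TXT_ONLY = "a=rsa-sha1; d=example.com; s=mar2006; b=CONSTRUCTED"


def parse_tags(header_value):
    """Split a 'tag=value; tag=value' list into a dict, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def select_key_query(header_value, resolver_supports_new_rr):
    """Return the single (qname, qtype) the verifier issues; there is no fallback."""
    tags = parse_tags(header_value)
    missing = [t for t in ("d", "s") if not tags.get(t)]
    if missing:
        raise ValueError("signature lacks required tag(s): " + ", ".join(missing))
    qname = "{}._domainkey.{}".format(tags["s"], tags["d"])
    signer_has_new_rr = tags.get("q", "").upper() == NEW_RR  # rule 2
    # Rule 3: use the new RR only when the signer advertises it AND local
    # configuration says the DNS client can fetch it; otherwise the TXT
    # record that rule 1 guarantees is the one query.
    if signer_has_new_rr and resolver_supports_new_rr:
        return qname, NEW_RR
    return qname, "TXT"


if __name__ == "__main__":
    for sig in (SIG_NEW_RR, SIG_TXT_ONLY):
        for capable in (True, False):
            print(capable, select_key_query(sig, capable))
```
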
