ietf-dkim

Re: [ietf-dkim] SSP issues

2007-05-30 16:23:24

On May 30, 2007, at 4:54 PM, william(at)elan.net wrote:


> > (3) Upward query vs. wildcard publication. 27 messages in discussion from 15 people. Most of the discussion was a rehash of the idea of associating semantics with DNS zone-cuts, which we had already discussed and rejected. I have also been trying to get an opinion from DNSOP on the idea of a one-level upward search (which I think solves 90% of the problem), but haven't gotten any response.
>
> Don't do it. The issue is that you cannot properly tell where zone delegation starts. I know resourceful programmers (including me) keep track of this data and know that for example ".com" is one delegation but ".uk" is not and there you have ".co.uk". But the list is actually rather large and for several ccTLDs you have both ".com.??" and ".??" in use as proper delegation zones. So getting around this is just way too tricky, and if you don't, what you end up doing is sending a multitude of extra queries to ccTLD name servers. This is not a proper operational approach as extra load would not be spread but directed towards several single points on the net.

I would be happy to help co-author a draft that establishes a list of current domain levels used by registries which should be excluded from queries for DKIM related records. The list therefore establishes the first and perhaps only location needing to be checked regarding email related policies. A rather manageable domain list established by this document would eliminate a need to use any type of wildcard mechanism. To avoid query overhead, new upper level domains should want to be added to this list as the need arises. A wildcard mechanism is also something relatively easy to abuse. As such, it is doubtful any wildcard scheme will gain acceptance within DNSEXT or DNSOPS WGs.

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
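
Added example, not part of the original message or of any DKIM draft: a sketch of how a registry-level exclusion list would bound the one-level upward search discussed in this thread, so that no policy query is directed at a registry's name servers. The list entries, the function names and the rule that every single-label name counts as registry-level are assumptions of this example.

```python
# Constructed sample of registry-operated levels; a real list is far larger.
REGISTRY_LEVELS = frozenset({"co.uk", "org.uk", "com.br", "com.au"})


def labels(domain):
    """Lower-case a domain, drop the root dot, and split it into labels."""
    return [part for part in domain.lower().rstrip(".").split(".") if part]


def is_registry_level(name, registry_levels=REGISTRY_LEVELS):
    """Assumption: every single-label name (a TLD) counts as registry-level."""
    return "." not in name or name in registry_levels


def naive_upward(domain, levels_up=1):
    """Names an unbounded upward search queries: the domain, then its parents."""
    parts = labels(domain)
    stop = min(levels_up, len(parts) - 1)
    return [".".join(parts[i:]) for i in range(stop + 1)]


def bounded_upward(domain, levels_up=1, registry_levels=REGISTRY_LEVELS):
    """The same walk, cut off before the first registry-level name."""
    names = []
    for name in naive_upward(domain, levels_up):
        if is_registry_level(name, registry_levels):
            break  # never direct a policy query at a registry's servers
        names.append(name)
    return names


def policy_location(domain, registry_levels=REGISTRY_LEVELS):
    """Shortest suffix of the domain that is not registry-level, else None."""
    parts = labels(domain)
    for i in range(len(parts) - 1, -1, -1):  # start at the TLD, move down
        name = ".".join(parts[i:])
        if not is_registry_level(name, registry_levels):
            return name
    return None


if __name__ == "__main__":
    for d in ("example.co.uk", "mail.example.co.uk", "example.com", "co.uk"):
        print(d, naive_upward(d), bounded_upward(d), policy_location(d))
```

A name under a multi-label registry level that is missing from the list is still walked up to that level, which is why the list has to be kept current.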
