ietf-dkim

RE: [ietf-dkim] TXT wildcards SSP issues

2007-06-02 20:23:28
There are two sets of concerns here.

First there is how to achieve the administrative effect desired.
Second there is how to work with DNSSEC without requiring changes.


Administrative wildcards are part of the DNS configuration file and NOT the DNS 
zone file that is transported by AXFR or whatever. If you are using DNSSEC you 
are in any case going to be using some form of tool to sign your zone. 
Expansion of administrative wildcards happens before the DNSSEC signature 
records are created.

In general, if you are editing a file with the signature records in it, you are 
probably doing something ill-advised anyway.


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of william(at)elan.net
Sent: Saturday, June 02, 2007 8:17 PM
To: Steve Atkins
Cc: Untitled WG
Subject: Re: [ietf-dkim] TXT wildcards SSP issues


On Sat, 2 Jun 2007, Steve Atkins wrote:

The problem is that you've just spec'ed SSP to use a protocol that is
not DNS.  It's fairly similar to DNS, but it's not DNS.  I can't
imagine the IESG accepting that in a standards track document.

No, it's perfectly compliant DNS. Really, it is.

It's not bind, though, and there's a fairly common fallacy at IESG,
amongst other places, that DNS is "what bind does" rather than
vice-versa. So, yeah, you're right about the standards document issue
(were it me, I'd just spec TXT records and not mention wildcards at
all).

I have a dns server that'll do internal wildcard records today (as do
you, IIRC). The information it uses to do that will not transfer
correctly over AXFR - but who, other than some subset of bind users,
uses AXFR to maintain their secondaries, anyway? :)

If it was just AXFR all would be great. But in order to do
DNSSEC it is in fact necessary for servers to know how to
process wildcards and that means any local wildcard-like
MACROs have to be part of the spec.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
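
The pre-signing expansion described in the top message of this thread, as an added example that is not part of the original thread or any participant's code: an administrative template is expanded into ordinary TXT records for every existing name, so the data handed to the signer (and later to AXFR) contains no wildcard or macro. The `_policy` prefix label, the TXT values and the sample zone are constructed placeholders, and the simple `owner TYPE rdata` zone format is an assumption.

```python
# Added example: expand an "administrative wildcard" template into explicit
# records BEFORE the zone is signed. All names and values are constructed.

def parse_zone(text):
    """Parse simple 'owner TYPE rdata' lines into (owner, rtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):        # skip blanks and comments
            continue
        owner, rtype, rdata = line.split(None, 2)
        records.append((owner.lower().rstrip("."), rtype.upper(), rdata))
    return records

def expand_admin_wildcard(records, prefix, rtype, rdata):
    """Add one explicit <prefix>.<name> record for each ordinary name in the zone.

    Names containing an underscore-prefixed or '*' label are skipped, and a
    record already present at the target name always wins over the template.
    """
    existing = {(o, t) for o, t, _ in records}
    hosts = sorted({o for o, _, _ in records
                    if not any(l.startswith("_") or l == "*" for l in o.split("."))})
    out = list(records)
    for owner in hosts:
        target = f"{prefix}.{owner}"
        if (target, rtype) not in existing:
            out.append((target, rtype, rdata))
    return out

def render(records):
    """Render the expanded zone as text, ready to pass to a signing tool."""
    return "\n".join(f"{o}. {t} {r}" for o, t, r in sorted(records))

# Constructed sample zone as it exists in the administrator's source data.
ZONE = """\
; constructed sample, not from the thread
example.com        MX  10 mail.example.com.
mail.example.com   A   192.0.2.10
www.example.com    A   192.0.2.20
_policy.www.example.com TXT "explicit-override"
sel1._domainkey.example.com TXT "constructed-key-record"
"""

def build_presigning_zone():
    return expand_admin_wildcard(parse_zone(ZONE), "_policy", "TXT", '"template-policy"')

if __name__ == "__main__":
    print(render(build_presigning_zone()))
```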

