That is somewhat unfair.
Until DNSSEC there was no need to standardize behavior at all unless you were
using different software flavors to publish your DNS information. Even the zone
transfer issue was irrelevant since the semantics of the wildcard were defined
in the publishing server.
DNSSEC required there be a single interpretation of a signed wildcard. The
advantage of choosing the narrow matching rules was that it was always possible
for someone to add in extra records if broader semantics were desired but not
possible to take records out if the match was too loose.
As you point out in your other messages, DNS does provide support for this
particular use case, even though it might not be what we want.
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John Levine
Sent: Saturday, June 09, 2007 7:53 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] DNS wildcarding behavior scenarios
[1] For the RFC lawyers, not of any actual operational value: There are
some RFCs that specify some of this behaviour, I believe, in the
context of zone transfers rather than DNS queries but those RFCs really
just document the behaviour of that one authoritative server, and most
people consider them a mistake worth forgetting as far as being a
Standard with a capital S is concerned, rather than just documentation
of current practice with that one server.
Unfortunately, there seems to be a critical mass of people in
the DNS part of the IETF that believe otherwise, that the
only problem with wildcards is that there are servers that
don't do exactly what BIND does, and the solution is to fix
them so they do.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html