On Mar 11, 2008, at 11:16 AM, Dave Crocker wrote:
Again, to repeat what I said at the mic:
The current, 3-step procedure is certainly an improvement, however I do not understand the need for the second step, in terms of ASP functionality.
In an early discussion of this, I believe Jim said he thought it was a carry-over from an earlier version of the spec where the need was more clear.
In any event, I think the current question is: What is it about ASP -- as opposed to concerns outside of ASP's scope -- that requires checking for domain existence?
Avoiding domain tree walking compatible with wildcards w/o depending on wildcards.
a) MX mandate in conjunction with DKIM Policy
- an empty TXT record can disavow DKIM/SMTP.
- empty TXT records compatible with wildcard TXT records used by other protocols.
- empty wildcard TXT records compatible with TXT records used by other protocols.
- consumes smallest amount of DNS cache.
- improves positive caching rates.
- provides much stronger domain protection.
- becomes much simpler when MX is required by SMTP.
b) domain tree walk-up
- results indeterminate when wildcards are in use.
- exposes parent domains to a high volume of transactions dependent upon negative caching.
- imposes expectation of policy to override possible parent domain assertions.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html