Steve Atkins wrote:
With respect to an A record, its presence does tell you that the
name is valid, but it does not tell you anything about ADSP
support. Initially there will be virtually no adoption of ADSP. So
what does finding an A record, but no _adsp record, tell you?
It tells you two things. It tells you that the domain owner is aware
of that hostname, and that they did not choose to publish an _adsp
record that covers it.
The latter assertion is incorrect. The word "choose" is active.
During the likely very long adoption curve, there is no way to know whether
they "chose" not to publish adsp or whether they didn't know about it. These
have very different semantics, I think.
And this gets to the nub of the matter, I think:
As with DKIM, ADSP tells you something when it is there, but tells you nothing
when it isn't. I think the A record check is trying to pretend that you can
learn something when ADSP isn't explicitly present for that domain.
But that's only possible if you know that the organization supports ADSP, and
you can't.
So, when the _adsp TXT is present, you know everything you need to know.
When it isn't, you do not know anything about the organization's practices,
including not knowing whether it has any.
Really.
If a desired functionality is for a domain owner to be able to assert
policy over all hostnames within their domain by publishing a finite
number of _adsp records, then you need an additional step in the
process.
The one-level hierarchy trick is the best you can do.
This effort to use the A record is overloading its semantics and you can't tell
whether the domain owner intends the second meaning.
(BTW, I am being sloppy about referring to A, since I mean A, MX, or anything
other than an _adsp TXT.)
As there will never be a legitimate use of a hostname that may be
checked for an _adsp record that doesn't have any DNS record
corresponding to it[3], asserting an ADSP fail for any case where
there is not a corresponding record in DNS will not cause any
unintended failures,
My point is that the A, MX, whatever record doesn't add any ADSP-related
information.
It is an extra DNS query that provides no ADSP information.
d/
ps. I'm using 'ADSP' since it looks like it has rough consensus, not because
I'm part of that consensus, which I am...
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
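
The two lookup procedures debated in the message above, side by side, as an added example that is not part of the original message or of any ADSP implementation. The zone data is constructed, the `no-information` label and the function names are hypothetical, and the `_adsp._domainkey.` owner name and `dkim=` tag follow the form later published in RFC 5617.

```python
# Constructed zone data: (owner name, record type) -> records. Not real DNS.
ZONE = {
    ("example.com", "MX"): ["10 mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("_adsp._domainkey.example.com", "TXT"): ["dkim=all"],
    ("www.example.com", "A"): ["192.0.2.20"],  # host with no _adsp record
}

class Resolver:
    """Answers from the constructed zone and counts the queries issued."""
    def __init__(self, zone):
        self.zone, self.queries = zone, 0

    def query(self, name, rtype):
        self.queries += 1
        return self.zone.get((name.lower(), rtype), [])

def adsp_txt(resolver, domain):
    """Return the published dkim= value, or None when no _adsp TXT exists."""
    for txt in resolver.query("_adsp._domainkey." + domain, "TXT"):
        tags = {k.strip().lower(): v.strip().lower()
                for k, _, v in (t.partition("=") for t in txt.split(";"))}
        if tags.get("dkim"):
            return tags["dkim"]
    return None

def check_txt_only(resolver, domain):
    """Only the _adsp TXT is consulted; absence yields no ADSP information."""
    return adsp_txt(resolver, domain) or "no-information"  # hypothetical label

def check_with_existence(resolver, domain, rtypes=("A", "MX")):
    """Existence check first: a name with no A/MX record is an ADSP fail."""
    if not any(resolver.query(domain, rt) for rt in rtypes):
        return "fail"
    return adsp_txt(resolver, domain) or "no-information"

def compare(domain):
    """Return (result, query count) for the TXT-only check, then the existence check."""
    out = []
    for check in (check_txt_only, check_with_existence):
        r = Resolver(ZONE)
        out.append((check(r, domain), r.queries))
    return tuple(out)

if __name__ == "__main__":
    for d in ("example.com", "www.example.com", "bogus.example.com"):
        print(d, compare(d))
```

For `www.example.com`, which has an A record but no `_adsp` record, both procedures return the same result and the existence check costs one more query; the results differ only for `bogus.example.com`, the name with no records at all.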