ietf-dkim

Re: [ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree

2008-04-07 13:56:20
a) DKIM is for declaring the presence of an accountable identity.
If a signature is present, you know something.  If it is absent,
you know nothing extra.

b) ADSP attempts to tell you something, in the absence of a
signature.  It does that by defining something else that must be
present.  If the ADSP record is present, you know something.  If
it is absent, you know nothing extra.

c) Checking for the presence of [any DNS] record is intended to try
to tell you something in the absence of an explicit action by the
domain owner.  That's its flaw: It is intuiting ADSP information
from non-ADSP action.

To clarify a perhaps overlooked point: the existence of [any DNS]
record for the Originator domain does NOT imply that it is a valid
email origin.  If the record is absent, then we know nothing that
the absence of the ADSP record for that domain didn't already tell
us. Any suggestion to the contrary is probably a mistake.

While there is nothing wrong with checking [any DNS] record, its
semantics have literally nothing (directly) to do with ADSP.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
