ietf-dkim

Re: [ietf-dkim] Fwd: Re: New Issue: protecting a domain name vs.protecting a domain tree

2008-04-14 02:47:52
On Fri, 11 Apr 2008 18:09:29 +0100, John Levine <johnl(_at_)iecc(_dot_)com> wrote:

>> This is one of the reasons that I raised the question of whether it
>> is possible to find the "base" domain (not TLD) that the organization
>> controls.
>
> You can't.  There's nothing in the DNS that lets you determine what
> organization is responsible for what entries.  Some people claim you
> can do it from zone boundaries but for a variety of reasons they are
> mistaken.

Can you remind us why again?

What is wrong with saying "IF you publish an SOA record for a domain, then  
you MUST publish an ADSP at that level if you want ADSP to apply". I.e.,  
if verifiers find an SOA, they need look no higher.

Then, as a separate issue, you can prescribe how many levels verifiers  
need to climb looking for ADSP and SOA. The current draft effectively says  
"climb at most one" which, as many people have pointed out, gives 95% of  
the benefit of an unrestricted climb.

Clearly, TLDs will have an SOA but no ADSP, so the climb will certainly  
stop there.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
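
The lookup rule proposed in the message above, sketched as an added example (not part of the original post or of any ADSP draft): check the name for an ADSP record, stop if an SOA is found there, otherwise climb, optionally bounded by a maximum number of levels. The zone data, the function name `find_adsp`, and the `"ADSP"`/`"SOA"` markers are constructed for illustration and stand in for real DNS queries.

```python
# Constructed zone data: name -> kinds of record published at that name.
# "ADSP" means an ADSP policy exists for the name; "SOA" marks a zone apex.
DNS = {
    "com": {"SOA"},
    "example.com": {"SOA", "ADSP"},
    "eng.example.com": {"SOA"},        # separately delegated zone, no ADSP
    "uk": {"SOA"},
    "co.uk": {"SOA"},
    "shop.co.uk": {"SOA", "ADSP"},
}


def find_adsp(domain, dns=DNS, max_climb=None):
    """Apply the proposed rule to `domain`.

    Returns (name_with_adsp, reason). name_with_adsp is None when no
    ADSP applies. max_climb=1 models "climb at most one"; None means
    an unrestricted climb.
    """
    labels = domain.lower().rstrip(".").split(".")
    top = len(labels) - 1
    limit = top if max_climb is None else min(max_climb, top)

    for climbed in range(limit + 1):
        name = ".".join(labels[climbed:])
        records = dns.get(name, set())
        if "ADSP" in records:
            return name, "adsp"
        if "SOA" in records:
            # Zone apex without ADSP: the verifier looks no higher.
            return None, "stopped at SOA of " + name
    return None, "no ADSP or SOA within climb limit"


if __name__ == "__main__":
    for d, climb in [("mail.example.com", 1), ("a.b.example.com", 1),
                     ("a.b.example.com", None), ("host.eng.example.com", None),
                     ("unregistered.com", None), ("typo.co.uk", None)]:
        print(d, climb, find_adsp(d, max_climb=climb))
```

In this data `host.eng.example.com` gets no ADSP because the climb ends at the SOA of `eng.example.com`, and a name directly under `com` or `co.uk` ends at that zone's SOA without finding a policy.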
