ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] protecting domains that don't exist

2008-04-14 09:43:53
Wietse wrote:

John Levine:
As someone pointed out, you can interchange steps 1 and 2 in the
specification, putting the existence check first.  And then, of
course, you can decide that the existence check is done outside
ADSP. 
If the existence check is removed, I would advocate putting in
language that says an existence check SHOULD be
performed before doing ADSP.
 That seems reasonable.  My objection (and I think also Dave's) is
not
that it's a bad idea, but that it's not part of DKIM or ADSP.

+1

+1

It's unfortunate that DNS won't let us specify ADSP policies that
cover only non-existent originator domain names, but wishing for such
an ability does not mean that we suddenly can.

The NXDOMAIN result for the originator domain cannot(*) correspond
with an ADSP policy (one of "unknown" / "all" / "discardable"), and
therefore it cannot be part of ADSP.

Would it be an acceptable compromise to add the above (or similar) to
the draft?

(*) Otherwise we could declare 99.9999% ADSP deployment today.

Hmm, maybe we should do that instead....


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html