ietf-dkim

Re: [ietf-dkim] protecting domains that don't exist

2008-04-15 16:44:52

On Apr 15, 2008, at 3:36 PM, Frank Ellermann wrote:

> Douglas Otis wrote:
>
>> ADSP must either assume email-addresses within the From header are
>> suitable for use with SMTP, and then check for SMTP specific DNS
>> resource records, or require each domain to publish policy resource
>> records.
>
> Don't think so, "domain does not exist" is general enough.  Some
> mechanism to discover a say jabber server might use SRV and NAPTR
> magic, but if the domain doesn't exist there is also no magic to
> worry about.
>
> And ADSP is for RFC 2822 messages, not IM, SIP, or what you have.
>
> If there's a problem (apart from step 3) I think the draft needs to
> mention that domain literals should get ADSP result "unknown".

This is still assuming use of DNS in conjunction with some future  
transport.  PNRP would be an example of name resolution services fully  
independent of DNS.  Not to recommend PNRP, this example only suggests  
the possibility.  It seems using DNS to assert policy necessitates use  
of DNS by all possible transports.  Unless consensus surrounding ADSP  
being forever linked to SMTP/DNS can be established, an assumption of  
'existence' checks seems rather dubious.  The NXDOMAIN existence check  
also ignores issues related to wildcards which may be beyond the control  
of the originating domain.  It is rather ironic a well considered  
alternative policy scheme depended upon use of wildcards and  
publishing records at every node blocking the wildcard.

ADSP policy should state it only applies to SMTP, where at least SMTP  
discovery records can replace dependence upon the questionable return  
of NXDOMAIN.  Requiring MX records be published in conjunction with  
policy records also sets an upper limit on the number of policy  
records transactions any future SMTP policy may require.  Without an  
MX, assume no policy.  Without an MX or A record, assume no SMTP  
relevant messages relate to this domain.  Messages over other  
transports would need to establish different criteria (policies)  
possibly in conjunction with their discovery mechanisms.

-Doug
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
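
Added example, not part of the original message or of any ADSP draft: a toy in-memory zone contrasting the NXDOMAIN existence test with the MX/A rule proposed in the message above, including a name covered by a wildcard. The zone data is constructed, the wildcard matching is a simplified form of RFC 4592, and the function names and result labels are assumptions.

```python
# Toy model of the two checks; no network access is used.
# ZONE is constructed sample data under the reserved .example TLD.
ZONE = {
    "corp.example": {"MX": ["10 mail.corp.example"], "A": ["192.0.2.10"]},
    "mail.corp.example": {"A": ["192.0.2.25"]},
    "web.example": {"A": ["192.0.2.80"]},
    # Wildcard published by a parent, outside the sender's control.
    "*.wild.example": {"TXT": ["placeholder"]},
}


def lookup(name, rtype):
    """Return (rcode, records) with simplified RFC 4592 wildcard matching."""
    name = name.lower().rstrip(".")
    if name in ZONE:
        return "NOERROR", ZONE[name].get(rtype, [])
    labels = name.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        wildcard = ZONE.get("*." + encloser)
        if wildcard is not None:
            # Covered by a wildcard: never NXDOMAIN, possibly empty (NODATA).
            return "NOERROR", wildcard.get(rtype, [])
        if encloser in ZONE:
            break  # closest encloser exists and has no wildcard child
    return "NXDOMAIN", []


def nxdomain_check(domain):
    """Existence test: the domain 'exists' unless DNS answers NXDOMAIN."""
    rcode, _ = lookup(domain, "MX")
    return rcode != "NXDOMAIN"


def smtp_discovery_check(domain):
    """Rule proposed in the message: decide from MX and A records only."""
    _, mx = lookup(domain, "MX")
    _, a = lookup(domain, "A")
    if mx:
        return "lookup-policy"  # MX published alongside a policy record
    if a:
        return "no-policy"      # "Without an MX, assume no policy."
    return "not-smtp"           # no MX or A: not relevant to SMTP


def compare(domain):
    """Return (NXDOMAIN-based existence, MX/A-based decision) for a domain."""
    return nxdomain_check(domain), smtp_discovery_check(domain)
```

For `anything.wild.example` the NXDOMAIN test reports that the domain exists because the wildcard suppresses NXDOMAIN, while the MX/A rule still classifies it as not SMTP-relevant.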
