ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] "interoperability"???

2008-05-01 16:22:12
Dave Crocker wrote:

For example, let's say that a receiver chooses either not to do the 
NXDomain test or chooses to process the result differently than the 
document specificies.

Exactly what terrible outcome does this produce?

It produces the outcome "unknown" for non-existent domains, that is 
subject to misinterpretation.

It's more important when coupled with the parent domain check.  If DKIM 
has the parent domain check (the misleadingly named "tree walk" in 
common parlance), referencing the parent domain's ADSP without checking 
for the existence of either the parent or subdomain makes it impossible 
to protect against the multilevel (a.b.c.d.e.example.com) attack.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html