ietf-dkim

Re: [ietf-dkim] end-users vs filtering engines

2008-05-01 17:36:45
Jim Fenton:
> Dave Crocker wrote:
>> J D Falk wrote:
>>> Wietse wrote:
>>>> How would a receiver discover the top-level domain given example.com,
>>>> example.ac.uk, example.org.au, etc.?
>>>
>>> The same way we do now: annoying, manually maintained case statements.
>>
>> This relies on a resource that is not specified in the document, is not
>> publicly standardized, and changes.
>>
>> Not such a good thing.
>
> Exactly what terrible outcome does this produce if this is done wrong?
> It's unlikely that com, ac.uk, or org.au are going to publish ADSP
> records.  So there is an unnecessary query to the parent, which is
> probably cached anyway (15 minutes for com, 1 day for ac.uk).

Jim, 

You deleted the context of the original question: a mechanism that
allows organizations to advertise a policy in one place that applies
to their entire DNS tree.

In the absence of a solid algorithm that determines the top of an
arbitrary organization's DNS tree, verifiers will have to walk up
the entire DNS tree from the bottom.

Thus, ADSP becomes a tool that can be mis-used for trivial
amplification attacks by sending rfc2822.from addresses with many
domain levels. That is not a good thing for a protocol that attempts
to improve security. The prime directive should be "do no harm".

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
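The bottom-up walk Wietse describes, modelled as an added example that is not part of the thread: a verifier-side ADSP lookup that queries `_adsp._domainkey.<domain>` at each level, counting how many queries a deeply nested From domain costs, with the two limits a verifier can impose (a query cap and a stop at a public suffix). The zone data, the tiny suffix list and the stub resolver are constructed so the code runs offline.

```python
from typing import Callable, Optional, Tuple

ADSP_LABEL = "_adsp._domainkey"

# Constructed stub zone data standing in for DNS: only example.com publishes
# an ADSP record, so every other walk ends with no policy found.
STUB_ZONE = {f"{ADSP_LABEL}.example.com.": "dkim=all"}

# Constructed, deliberately tiny stand-in for the "manually maintained case
# statements" mentioned in the thread; a real verifier needs a maintained list.
PUBLIC_SUFFIXES = {"com", "uk", "ac.uk", "au", "org.au"}


def stub_query_txt(name: str) -> Optional[str]:
    """Return the TXT record for name from the constructed zone, else None."""
    return STUB_ZONE.get(name)


def lookup_policy(domain: str,
                  query_txt: Callable[[str], Optional[str]] = stub_query_txt,
                  max_queries: Optional[int] = None,
                  stop_at_public_suffix: bool = False) -> Tuple[Optional[str], int]:
    """Walk from the rfc2822.from domain toward the TLD, one TXT query per
    level, and return (policy_or_None, number_of_queries_sent).

    With the defaults this is the unbounded walk Wietse warns about: a From
    domain with N labels costs the verifier N queries when nothing is
    published.  max_queries caps the walk outright; stop_at_public_suffix
    never asks a registry-controlled suffix (com, ac.uk, ...) for a policy.
    """
    labels = domain.rstrip(".").lower().split(".")
    queries = 0
    while labels:
        candidate = ".".join(labels)
        if stop_at_public_suffix and candidate in PUBLIC_SUFFIXES:
            break
        if max_queries is not None and queries >= max_queries:
            break
        queries += 1
        policy = query_txt(f"{ADSP_LABEL}.{candidate}.")
        if policy is not None:
            return policy, queries
        labels.pop(0)  # no record here; move one level up the tree
    return None, queries


if __name__ == "__main__":
    deep = "a.b.c.d.e.f.g.h.i.j.example.org.au"  # constructed 13-label domain
    print(lookup_policy(deep))                                             # (None, 13)
    print(lookup_policy(deep, stop_at_public_suffix=True))                 # (None, 11)
    print(lookup_policy(deep, max_queries=2, stop_at_public_suffix=True))  # (None, 2)
    print(lookup_policy("mail.example.com"))                               # ('dkim=all', 2)
```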