ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] domain existence check

2008-05-22 11:44:16


Steve Atkins wrote:
The reason for the existence check is simply to make it possible
for an ADSP user to specify consistent policy across all their
space in the DNS tree. A simple check for NXDOMAIN is
sufficient to fill that need. Any semantics beyond that are moving
beyond the reason that the check is needed.


Each form of pre-test provides a narrow degree of enhanced protection across a 
domain tree.  Note that no pre-test at all is necessary for 'protecting' a 
single domain name, since the presence or absence of the ADSP record does that 
entirely sufficiently.

(Again, to the extent that one is seeking protection with sites that do not 
use ADSP, one is completely beyond the scope of this working group.)

Narrow does not mean useless, but it does mean narrow, as in incomplete.  This 
vigorous insistence on demanding a use of a particular mechanisms that 
nonetheless provides incomplete enforcement is quite odd, since its utility 
amongst the broader spectrum of abuse exploits is so small.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html