On 28/05/2008 13:44, "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net> wrote:
People have reached a level of saturation and exhaustion on the question of
doing an existence/validity check, to see whether a name is registered [and
intended for email use.]
*agree*
OK... start shooting.
I don't care about the existence/validity check. In the real world, that
check already happens (in most cases) before any authentication checks, so
it doesn't matter to me and is unlikely to matter to anyone else outside of
the IETF whether that query is mentioned in the ADSP draft or not.
On the other hand (which may not even be connected to the first hand),
there's clearly a strong desire for some domain owners to be able to assign
the same ADSP to everything within their namespace -- and there are clearly
real-world cases where it's appropriate to do so.
I do, however, see a problem with making it the default. Borrowing Dave's
examples, transactions.paypal.com and newsletter.paypal.com and
corporate.paypal.com are different entities operated by different
departments with different business logic. One or more may even be
outsourced. The default should NOT be to tie those together.
On yet a third hand, many verifiers will probably choose not to walk the
tree back to some undefined point. We can call it SHOULD, but we can't call
it MUST.
So, my proposal:
1. flip a coin at MAAWG in a couple weeks (no reason to wait for IETF 72) to
decide whether to mandate an existence/validity check;
2. add an appropriately named flag to ADSP to allow domain owners to say
"this same policy applies to everything within this namespace," with
appropriate warnings that verifiers may ignore it.
--
J.D. Falk
Return Path
Work with me!
http://www.returnpath.net/careers/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html