On Fri, 2008-05-30 at 01:28 -0400, Tony Hansen wrote:
> My conclusions from reading ssp-03 and the proposed rewording of section
> 4.3 found in levine-adsp-00 and otis-adsp-02 are that:
> * ssp-03 and levine-adsp-00 require that you check that the domain
> exists.
Yes, except the outcome is different. Or that is how I interpret the
text. ssp-03 says:
If the result of this query is an "NXDOMAIN" error, the algorithm MUST
terminate with an appropriate error.
From this text, I don't really understand what the appropriate error is.
I suspect it really should say "appropriate result". I came to this
conclusion after reading Eric's comments earlier in the year:
Subject: Re: [ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree
Date: Wed, 09 Apr 2008 10:46:16 -0700 (13:46 EDT)
"... and the absence of an ADSP record means that unsigned mail must be
deemed legitimate. Without step 2 there is nothing example.com can do to
protect its name space."
Eric doesn't really say what to do with such a message, but I suspect
he'd like us to discard it.
levine-adsp-00 says:
The verifier MUST return an appropriate error result for Author Domains
that are outside the scope of ADSP.
To me, "outside the scope" allows a receiver to assume the message is
legitimate, assuming no other checks besides ADSP are done.
If these 2 points have been hashed out before, I apologize.
--
:: Jeff Macdonald | Director of Messaging Technologies
:: e-Dialog | jmacdonald(_at_)e-dialog(_dot_)com
:: 131 Hartwell Ave. | Lexington, MA 02421
:: v: 781-372-1922 | f: 781-863-8118
:: www.e-dialog.com