ietf-dkim

[ietf-dkim] New Issue: ssp-04 Domain Existence Requirement

2008-07-02 20:19:02
3.1.  ADSP Applicability
4.3.  ADSP Lookup Procedure

Verify Domain Scope:

This draft imposes a requirement that a domain within a From
email-address is to be found within DNS.  This requirement is intended to
provide a domain control over the ADSP default assertions made below  
their name hierarchy.  However, excluding domains without known TLDs  
could be inappropriate as well.  What is also excluded from this draft  
is a definition for specific protocols where the domains are expected  
to be supported.

NNTP might use a TLD of .invalid to ensure an address is not mistaken  
for a valid email-address.  Micros~1 Exchange permits use of X.400  
email-addresses aliased to a domain name assigned via their registry  
without existing within DNS.  In addition, there is nothing within  
this draft to suggest that the ADSP assertions are limited to messages  
publicly exchanged over SMTP port 25.  This draft should warn that ADSP
DKIM signature expectations may affect other protocols converted and
then bridged into SMTP, or those received over other protocols by MUAs.

In addition, the suggestion to use wildcard domains to publish ADSP  
TXT records necessitates exclusion of domains without valid host name  
syntax.  This draft tangentially refers to RFC2821, but only with  
respect to case-insensitivity.  Do not expect that wildcard domains will
defend against chosen-name.*.example.com, or
chosen-name._domainkey.example.com, for example.  These exploits can be
prevented by ensuring valid host name syntax.

Add:

ADSP defines a record that can advertise the extent to which a domain  
signs outgoing mail that is publicly exchanged on SMTP port 25, as  
described in [RFC2821]. Also, how other hosts can access those records.

Advertisements, defined by this document, may also increase DKIM  
signature expectations for messages received by Mail User Agents  
(MUAs) or for messages which might have been exchanged over protocols  
other than SMTP. In some circumstances, author domains may wish to  
have accommodations for protocol failures or for mixed public protocol  
messaging not to be made.

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html