ietf-dkim

[ietf-dkim] Caveats 1576 (was: Issue 1576: Revise wildcard discussion)

2008-07-08 07:44:14
Stephen Farrell wrote:

Thing 3:
[...]
If you do post text for that please put "caveats" in the
subject as well as 1576.

~~~ old ~~~
= It is possible to add a wildcard TXT record alongside a
= wildcard MX that will provide suitable ADSP records for
= any domain chosen by an attacker, since if the wildcard
= synthesizes chosen-name.example.com IN MX, it will then
= also synthesize _adsp._domainkey.chosen-name.example.com
- IN TXT.  However multiple wildcard TXT records produce
- an undefined ADSP result, which means you cannot also
- publish both ADSP records and records for any other
- TXT-using protocol (such as SPF) for a wildcard domain.
~~~ new ~~~
= It is possible to add a wildcard TXT record alongside a 
= wildcard MX that will provide suitable ADSP records for
= any domain chosen by an attacker, since if the wildcard
= synthesizes chosen-name.example.com IN MX, it will then
= also synthesize _adsp._domainkey.chosen-name.example.com
+ IN TXT.  This practice is NOT RECOMMENDED, as it might
+ not work as expected in the presence of multiple TXT
+ records for different purposes.  When publishers try it
+ anyway, the ADSP record MUST start with "dkim=" followed
+ by one of the registered Outbound Signing Practices as
+ specified in section 5.2.
~~~ end ~~~
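Review bot: the replacement text drops the concrete reason the old text gave ("multiple wildcard TXT records produce an undefined ADSP result") in favour of "might not work as expected in the presence of multiple TXT records for different purposes", so a publisher reading only the new paragraph no longer learns what actually breaks. Suggest keeping the cause in one clause, e.g. "because a verifier that finds more than one ADSP record at the wildcard name gets an undefined result". The closing MUST ("dkim=" followed by a registered Outbound Signing Practice from section 5.2) restates the general record syntax rather than anything wildcard-specific; if it stays here, say why it matters at a wildcard: the "dkim=" prefix is what lets a verifier tell the ADSP record apart from another TXT record published at the same wildcard, such as the SPF record the old text mentions.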

Remove (missing) three-letter acronym expansion for SPF.
Remove (missing) informative RFC 4408 reference.
Add (missing) informative RFC 4592 reference used in 6.3.

 Frank

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
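The wildcard behaviour the proposed text relies on, as an added example that is not code from this thread, from the ADSP draft, or from any DKIM implementation. It is a toy resolver applying the RFC 4592 wildcard rule to a constructed in-memory zone, followed by an ADSP-style TXT lookup at _adsp._domainkey.<domain>. It goes one step beyond the quoted text: besides showing that a wildcard MX plus a wildcard TXT synthesise an ADSP record for any attacker-chosen name, it shows two cases where the wildcard does not apply (an existing subdomain, and an apex whose _domainkey label already exists because a DKIM selector is published) and the undefined result when two "dkim=" records sit at the wildcard. The zone contents, the key record and the practice values "unknown", "all", "discardable" are assumptions for illustration.

```python
"""Toy RFC 4592 wildcard synthesis plus an ADSP-style lookup (added example).

Not code from the ietf-dkim thread or any ADSP draft. Zone data below is
constructed; the registered practice values are assumed.
"""

REGISTERED_PRACTICES = {"unknown", "all", "discardable"}  # assumed registry


def _labels(name):
    """'Foo.Example.COM.' -> ('foo', 'example', 'com')."""
    return tuple(name.rstrip(".").lower().split("."))


class Zone:
    def __init__(self, records):
        # records: {owner name: [(rtype, rdata), ...]}
        self.rrsets = {_labels(owner): rrs for owner, rrs in records.items()}
        # A name exists if it owns records or is an ancestor of one
        # (an "empty non-terminal"); such names block wildcard synthesis.
        self.existing = set()
        for owner in self.rrsets:
            for i in range(len(owner)):
                self.existing.add(owner[i:])

    def lookup(self, qname, qtype):
        """Return ("NOERROR", [rdata, ...]) or ("NXDOMAIN", [])."""
        q = _labels(qname)
        if q in self.existing:
            # RFC 4592: an existing name is never answered from a wildcard
            return "NOERROR", [rd for t, rd in self.rrsets.get(q, []) if t == qtype]
        # Closest encloser: the longest existing ancestor of qname.
        for i in range(1, len(q)):
            if q[i:] in self.existing:
                wildcard = ("*",) + q[i:]
                if wildcard in self.rrsets:
                    return "NOERROR", [rd for t, rd in self.rrsets[wildcard] if t == qtype]
                return "NXDOMAIN", []  # encloser exists, but owns no wildcard
        return "NXDOMAIN", []


def adsp_lookup(zone, author_domain):
    """ADSP-style lookup: TXT at _adsp._domainkey.<domain>, records must start
    with "dkim=".  Returns the practice, "none", "undefined" or "invalid"."""
    rcode, txts = zone.lookup("_adsp._domainkey." + author_domain, "TXT")
    if rcode == "NXDOMAIN":
        return "none"
    adsp = [t for t in txts if t.startswith("dkim=")]  # ignore e.g. v=spf1
    if not adsp:
        return "none"
    if len(adsp) > 1:
        return "undefined"  # two ADSP records at one name: no defined result
    practice = adsp[0][len("dkim="):].split(";", 1)[0].strip()
    return practice if practice in REGISTERED_PRACTICES else "invalid"


# Constructed zone: wildcard MX + wildcard TXT, one real host, one DKIM key.
ZONE = Zone({
    "example.com":               [("MX", "10 mail.example.com."),
                                  ("TXT", "v=spf1 mx -all")],
    "sel._domainkey.example.com": [("TXT", "v=DKIM1; k=rsa; p=MIGfMA0G")],
    "real.example.com":          [("A", "192.0.2.10")],
    "*.example.com":             [("MX", "10 mail.example.com."),
                                  ("TXT", "dkim=discardable"),
                                  ("TXT", "v=spf1 mx -all")],
    "*.twice.example.com":       [("TXT", "dkim=all"),
                                  ("TXT", "dkim=discardable")],
})

if __name__ == "__main__":
    # Attacker-chosen name: both the MX and the ADSP record are synthesised.
    print(ZONE.lookup("chosen-name.example.com", "MX"))
    print(adsp_lookup(ZONE, "chosen-name.example.com"))
    # Existing subdomain: its closest encloser owns no wildcard -> no ADSP.
    print(adsp_lookup(ZONE, "real.example.com"))
    # Apex: the DKIM selector makes _domainkey.example.com exist -> no ADSP.
    print(adsp_lookup(ZONE, "example.com"))
    # Two "dkim=" records at the wildcard -> undefined.
    print(adsp_lookup(ZONE, "anything.twice.example.com"))
```

The second and third cases are the ones a publisher tends not to expect: any name that already exists under the wildcard's owner, including the apex once a selector record is published, stops the wildcard from supplying an ADSP record for names below it.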