On Jul 9, 2008, at 3:21 AM, Charles Lindsey wrote:
On Tue, 08 Jul 2008 19:11:17 +0100, Douglas Otis <dotis(_at_)mail-abuse.org> wrote:
On Jul 8, 2008, at 7:40 AM, Frank Ellermann wrote:
~~~ new ~~~
= It is possible to add a wildcard TXT record alongside a
= wildcard MX that will provide suitable ADSP records for
= any domain chosen by an attacker, since if the wildcard
= synthesizes chosen-name.example.com IN MX, it will then
= also synthesize _adsp._domainkey.chosen-name.example.com
+ IN TXT. This practice is NOT RECOMMENDED, as it might
+ not work as expected in the presence of multiple TXT
+ records for different purposes.
+1
This provides little benefit unless the record syntax is changed
to offer a reliable defence. The [] denotes an addition made to
the Record Syntax.
4.2.1. Record Syntax
ADSP records use the "tag=value" syntax described in section 3.2 of
[RFC4871].
Tags used in ADSP records are described below [and MUST immediately
begin with the "dkim=" tag.]
+1
(or +1 to any similar improvements that achieve these same effects).
This was poorly worded since the subject does not agree with must.
4.2.1. Record Syntax
ADSP records use the "tag=value" syntax described in section 3.2 of
[RFC4871].
Tags used in ADSP records are described below. [The record MUST
immediately begin with the "dkim=" tag].
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
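
The record-selection rule proposed in the thread above, as an added example that is not part of the original messages: a verifier that only accepts TXT records beginning with "dkim=" still finds the ADSP record when a wildcard returns TXT records published for other purposes, while a client that parses the first record does not. The function names and record contents are constructed, and treating more than one "dkim=" record as unusable is an assumption.

```python
# Added example. Record contents are constructed; "dkim=all" stands in
# for whatever ADSP record the domain publishes.
WILDCARD_TXT = [            # answer for _adsp._domainkey.chosen-name.example.com
    "v=spf1 mx -all",       # wildcard TXT published for another purpose
    "site-token=constructed-1234",
    "dkim=all",
]

def parse_tags(record):
    """Parse a "tag=value; tag=value" list into a dict, or None if malformed."""
    tags = {}
    for spec in record.split(";"):
        spec = spec.strip()
        if not spec:
            continue                      # tolerate a trailing ";"
        name, sep, value = spec.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            return None                   # no "=", empty or duplicate tag
        tags[name] = value.strip()
    return tags

def naive_first(txt_rrset):
    """Lenient client: parse whichever TXT record comes first."""
    tags = parse_tags(txt_rrset[0]) if txt_rrset else None
    return tags.get("dkim") if tags else None

def select_adsp(txt_rrset):
    """Apply the proposed rule: only records starting with "dkim=" count."""
    candidates = [r for r in txt_rrset if r.startswith("dkim=")]
    if not candidates:
        return ("none", None)
    if len(candidates) > 1:
        return ("ambiguous", None)        # assumption: do not guess between them
    tags = parse_tags(candidates[0])
    return ("ok", tags) if tags is not None else ("malformed", None)

if __name__ == "__main__":
    print(naive_first(WILDCARD_TXT))
    print(select_adsp(WILDCARD_TXT))
```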