Siegel, Ellen wrote:
My question is why that final SHOULD is not a MUST. Granted that
the additional checks are optional, but once the verifier has the
information that the domain does not exist for mail why is
reporting that fact back as an out-of-scope error optional?
The MAY is intentionally vague, tests "such as the ones described
in Section 5 of [RFC2821]". The "non-mailable *indication* might
be also fuzzy, and depending on the tests the receiver could have
reasons to ignore some of these *indications* (the draft uses the
word "indicate").
But I think you have a point, there's some unnecessary MUSTard in
this section that could be trimmed:
| the verifier MUST decide which degree of over-approximation is
| acceptable
s/MUST/has to/, the minimal check is clear, and "not deciding to
do more or not" cannot cause havoc => no 2119 keyword.
| the verifier SHOULD terminate with an error indicating that the
| domain is out of scope.
s/SHOULD/can/, if a receiver does more (at this point it's clear
that the domain is no NXDOMAIN), and then for whatever reason
does not use the result of these additional tests, it is okay =>
no 2119 problem.
I'm not sure that the end of 4.3 is okay, NOERROR means "got one
or more TXT records". If it's one TXT record matching the ADSP
syntax it's the wanted record. And if it is one TXT record not
matching the ADSP syntax ? What if there are additional (not
yet specified) name = value pairs ? What if there is more than
one record matching ADSP ? (Related to the wildcard 6.3 issues)
The outcome after SERVFAIL is explained, but not after NXDOMAIN.
Why not say "otherwise" ? And where is the normative reference
explaining what NOERROR / SERVFAIL / NXDOMAIN actually means ?
Frank
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html