On Wed, Mar 11, 2009 at 4:33 PM, Mark Delany
<markd+dkim(_at_)yahoo-inc(_dot_)com<markd%2Bdkim(_at_)yahoo-inc(_dot_)com>
wrote:
On Wed, Mar 11, 2009 at 3:33 PM, Steve Atkins
<steve(_at_)wordtothewise(_dot_)com>wrote:
Did we already look at this idea and discard it before we settled on
using a DNS query for every email received?
Discussed, not discarded. AFAIR, the general feeling is that Lookups are
cheap today.
Essentially such an approach is asking every MX target with more than one
system to invent some way of distributing the knowledge it discovers on an
inbound, signed message.
You also have to invent mechanisms to deal with corner cases and timing
windows, such as when one MX target receives a "we don't sign all anymore"
and another MX target for the same domain almost immediately receives an
unsigned email from that domain. Or what if you use your ISP as a secondary
MX and the "state changing emails" happened to be queued up there for a
while?
I also don't see how it changes anything from a functional POV. If ADSP is
carried in the signature vs carried in a DNS record, it would presumably
invoke the same level of WG discussion over semantics and purpose.
Given the highly cacheable nature of ADSP information and the fact that
we're already querying the DNS for key information, it's unclear what the
big benefit would be in moving this in-band.
Outside of DNS query related technical issues, the first
operational repercussion is the lost of handling legacy mail. We need to
use an "standard anchor" something we know will always be there, which as it
is now, is the From: domain lookup.
--
hls
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html