John,
The reported issue was about *mixed* TXT usage caused by wildcards.
And it amounted to a large Domain Hosting vendor ONLY offering this
for spf:
*.example.com IN TXT "v=spf1 .........."
And that created mixed query results after adding DKIM related TXT
records.
The proposed correction text is a) reminder to avoid using them and b)
for verifiers to be ready to deal with it. i.e. be able to parse for
the right DKIM related text string.
--
HLS
John R. Levine wrote:
Forgive me if I repeat myself, but I still don't see anything wrong
with this:
*._domainkey.example.com IN TXT "v=DKIM1; p=; n=revoked"
Do you have an actual use case for that sort of thing, or is it just
an example to poke at the "thou shalt not wildcard" wording?
That example above revokes all unknown keys.
On this message, I've encoded a timestamp and the pid into the DKIM
signature selector, so I can use my DNS query logs to get an idea of
who's checking the signatures on what messages.
These may not be fabulous uses of wildcards, but they are at worst
harmless. There's a lot of places in the DKIM spec where we say if you
do so-and-so, you'll be sorry. I'd like to avoid saying that unless we
have a good reason to do so, and I only see problems with wildcards
above the _domainkey label.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for
Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
------------------------------------------------------------------------
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html