On 08/Nov/10 06:25, Murray S. Kucherawy wrote:
> Filename: draft-kucherawy-authres-vbr
> Revision: 00
> Title: Authentication-Results Registration For Vouch By Reference Results
> Creation_date: 2010-11-07
> WG ID: Independent Submission
> Number_of_pages: 7
> Abstract:
> This memo updates the registry of properties in Authentication-
> Results: message header fields to allow relaying of the results of a
> Vouch By Reference query.

Nice one, Murray!
Section 4 (Definition) is ambiguous, though. It says "the DNS domain
name used to perform the VBR query", but a VBR query takes two domain
names. I think mentioning the tag (md, according to the example)
would make it clearer.
However, why not structure all the available domains? E.g. delivering
something like (modified from section A.1)

    Authentication-Results: mail-router.example.net;
        dkim=pass (good signature) header.d=newyork.example.com
            header.b=oINEO8hg;
        vbr=pass (all) header.mv=voucher.example.net
            header.md=newyork.example.com

where the comment contains the actual content of the TXT record. A
machine readable voucher name could be used by clients to learn what
vouchers a server trusts.
Another item that may need clarification is the "positive response"
given in the definitions of "pass" and "fail". It could be expanded
as, say,

    pass: A VBR query was completed and the vouching service queried
       gave a positive response. That is to say, it returned a record
       consisting of strings of lowercase letters separated by spaces,
       as per section 5 of [VBR].

The added sentence is meant to dispel any question on whether the
verifier should attempt to match the text in the RR with the content
of the mc= tag in the VBR-Info header field, if any.
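
The structured form suggested in the message above, read by a client, as an added example that is not part of the original message or of the draft. It assumes the header.mv and header.md properties exactly as proposed in the message, a simplified header grammar (no nested comments, no quoted strings), and that the client only accepts results stamped by an authserv-id it trusts; the function names are hypothetical.

```python
import re

# Constructed sample: the header proposed in the message, unfolded onto one line.
SAMPLE = ("mail-router.example.net; "
          "dkim=pass (good signature) header.d=newyork.example.com "
          "header.b=oINEO8hg; "
          "vbr=pass (all) header.mv=voucher.example.net "
          "header.md=newyork.example.com")

_COMMENT = re.compile(r"\(([^()]*)\)")
_RESULT = re.compile(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)
_PROP = re.compile(r"([a-z0-9-]+)\.([a-z0-9-]+)\s*=\s*(\S+)", re.I)
_POSITIVE = re.compile(r"[a-z]+( [a-z]+)*")


def parse_authres(value):
    """Simplified parser: no nested comments, quoted strings or ';' in comments."""
    authserv_id, *resinfos = [part.strip() for part in value.split(";")]
    results = {}
    for resinfo in resinfos:
        comments = _COMMENT.findall(resinfo)
        bare = _COMMENT.sub(" ", resinfo)
        m = _RESULT.match(bare)
        if not m:
            continue  # empty or malformed resinfo
        props = {f"{p.lower()}.{n.lower()}": v
                 for p, n, v in _PROP.findall(bare[m.end():])}
        results[m.group(1).lower()] = {"result": m.group(2).lower(),
                                       "comments": comments, "props": props}
    return authserv_id, results


def is_positive_response(txt):
    """The message's reading of 'positive response': lowercase words, single spaces."""
    return _POSITIVE.fullmatch(txt) is not None


def vouched_by(value, trusted_authserv_id):
    """Return (voucher, vouched domain) for vbr=pass from a trusted server, else None."""
    authserv_id, results = parse_authres(value)
    vbr = results.get("vbr")
    if authserv_id.lower() != trusted_authserv_id.lower() or not vbr:
        return None  # stamped by a server we do not trust, or no VBR result
    if vbr["result"] != "pass":
        return None
    return vbr["props"].get("header.mv"), vbr["props"].get("header.md")


if __name__ == "__main__":
    print(vouched_by(SAMPLE, "mail-router.example.net"))
```

The `is_positive_response` check looks only at the shape of the returned TXT record and never compares it with the mc= tag, which is the distinction the proposed wording for "pass" is meant to settle.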