On 3/10/2011 5:26 PM, John R. Levine wrote:
<t hangText="NOTE:"> The use of a wildcard TXT record
that covers a queried DKIM domain name will produce a
response to a DKIM query that is unlikely to be valid
DKIM key record. This problem is not specific to DKIM
and applies to many other types of queries. Client
software that processes DNS responses needs to take
this problem into account.</t>
But note that the final sentence is meaningless, since it provides no guidance
about what it means to "take this problem into account". And the answer isn't
obvious. For example, I have no idea what a DKIM implementer should do to
satisfy this caution.
Not only is it confusing, it's wrong. Wildcard records work just fine when the
wildcard is below the _domainkey label, e.g. *.foo._domainkey.example. They
work less fine in other cases.
The modified text I offered is intended to handle several coverage problems
with the original text, including the one you cite. Are you suggesting that it
does not succeed? If so, what text do you instead suggest?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
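
An added example, not part of the original thread or of any DKIM implementation: one way a verifier can recognise that the TXT data returned for a selector query is not a DKIM key record (for instance, text synthesized by a wildcard above `_domainkey`). It assumes the key-record rules that `v=`, if present, must come first and equal `DKIM1`, and that `p=` is required; the function names and sample strings are constructed for illustration.

```python
import re

# Tag names in a DKIM tag-list: a letter followed by letters, digits or "_".
TAG_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")

def parse_tag_list(txt):
    """Parse 'k=v; k=v' into ordered (name, value) pairs; None on syntax error."""
    pairs = []
    for spec in txt.strip().rstrip(";").split(";"):
        # Split on the first "=" only, so base64 padding in p= is preserved.
        name, sep, value = spec.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.match(name):
            return None
        if any(name == seen for seen, _ in pairs):
            return None  # duplicate tag names make the record invalid
        pairs.append((name, value.strip()))
    return pairs

def classify_key_response(txt):
    """Return 'usable', 'revoked' or 'not-a-key-record' for one TXT answer."""
    pairs = parse_tag_list(txt)
    if pairs is None:
        return "not-a-key-record"
    tags = dict(pairs)
    # v= is optional, but when present it must be the first tag and be DKIM1.
    if "v" in tags and (pairs[0][0] != "v" or tags["v"] != "DKIM1"):
        return "not-a-key-record"
    if "p" not in tags:
        return "not-a-key-record"
    # An empty p= value means the key has been revoked.
    return "revoked" if tags["p"] == "" else "usable"

# Constructed sample answers for a query such as sel._domainkey.example:
SAMPLES = {
    "real key record": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",
    "wildcard SPF text": "v=spf1 -all",
    "wildcard free text": "this domain sends no mail",
    "revoked key": "v=DKIM1; p=",
}

if __name__ == "__main__":
    for label, txt in SAMPLES.items():
        print(f"{label:20} -> {classify_key_response(txt)}")
```

In this sketch a verifier would handle `not-a-key-record` exactly as it handles a query that returned no key at all.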