On Mon, 30 Aug 2004, Andrew Newton wrote:
> On Aug 30, 2004, at 5:58 PM, Richard Shockey wrote:
>> I believe this argument has already been decided and the IAB and IESG
>> will not accept further specifications that are based on the use of
>> the TXT RR with the singular exception for MARID for the well-known
>> reasons outlined in the San Diego meetings.
> I hope this is true.
> I also hope that we'll stop abusing TXT records and either create new or
> use other appropriate DNS record types or new protocol.
I would point out that there is no necessity to actually use a DNS pointer
at all and that the pointer to the correct root certificate or public key can be
part of the signature itself (as I did with the Certificate-Verification-Service
header or S/MIME attribute in the MTA Signatures draft). This allows
support for multiple schemes of verifying signatures and/or obtaining the public
key at the same time (one can be through http and one through dns, for
example) and support for slow upgrade paths to new verification methods in
the future. We do still need an optional way to identify domains or MTAs
that are ALWAYS using the signature mechanism, to be able to reject email that
is supposed to be signed but was not (for this a mail policy record such as
SPF can be a good fit).
> If it can't fit into a DNS packet, I actually favor an ESMTP extension
> for dialback use.
I would generally be opposed to SMTP Callback; it does not buy us anything
that we can't do with one of the other protocols which could potentially
be developed either way. HTTP XML based protocol extensions could work
better and be a lot more extendable.
---
William Leibzon, Elan Networks:
mailto: william(_at_)elan(_dot_)net
Anti-Spam Research Worksite:
http://www.elan.net/~william/asrg/
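The design point made in the message above (the signature carries its own scheme-tagged pointers to the verification key, so a verifier can prefer one retrieval method, fall back to another, and a policy record lets it reject unsigned mail from a domain that always signs) can be illustrated with a small verifier. This is an added example, not code from the MTA Signatures draft or the Certificate-Verification-Service header it mentions: the `X-MTA-Signature` header name and its `d=`/`k=`/`s=` tag layout are hypothetical, the in-memory "dns" and "https" key stores stand in for real lookups, and an HMAC over the body stands in for a public-key signature so the block runs offline.

```python
import hashlib
import hmac

# Constructed in-memory key stores standing in for a DNS lookup and an HTTPS fetch.
# Both pointers resolve to the same (constructed) key, as one domain publishing
# its key through two retrieval schemes would.
KEY_STORES = {
    "dns": {"_mtasig.example.com": b"constructed-shared-secret"},
    "https": {"https://example.com/mtasig/key1": b"constructed-shared-secret"},
}

# Hypothetical per-domain policy record: example.com ALWAYS signs outgoing mail,
# so unsigned mail claiming to be from it should be rejected.
POLICY = {"example.com": "always-signed"}


def parse_sig_header(value: str) -> dict:
    """Parse 'tag=value; tag=value'; the k= tag is a comma-separated pointer list."""
    fields = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            tag, _, val = part.partition("=")
            fields[tag.strip()] = val.strip()
    if "k" in fields:
        fields["k"] = [p.strip() for p in fields["k"].split(",") if p.strip()]
    return fields


def scheme_of(pointer: str) -> str:
    """'dns:_mtasig.example.com' -> 'dns', 'https://...' -> 'https'."""
    return pointer.split(":", 1)[0].lower()


def locate_key(pointers, supported_schemes, stores=KEY_STORES):
    """Walk the verifier's preferred schemes in order; unsupported schemes are skipped,
    which is what lets a new scheme be added to k= without breaking old verifiers."""
    for scheme in supported_schemes:
        for pointer in pointers:
            if scheme_of(pointer) != scheme:
                continue
            name = pointer if scheme == "https" else pointer.split(":", 1)[1]
            key = stores.get(scheme, {}).get(name)
            if key is not None:
                return scheme, key
    return None, None


def sign_body(body: bytes, key: bytes) -> str:
    """HMAC-SHA256 stand-in for the real public-key signature."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_signed_headers(sender: str, body: bytes, key: bytes, pointers) -> dict:
    """Constructed helper: build a message with the hypothetical signature header."""
    domain = sender.split("@")[-1]
    sig = f"d={domain}; k={','.join(pointers)}; s={sign_body(body, key)}"
    return {"From": sender, "X-MTA-Signature": sig}


def verify_message(headers: dict, body: bytes, supported_schemes,
                   stores=KEY_STORES, policy=POLICY) -> str:
    """Return pass / fail / no-key for signed mail, or the policy outcome for unsigned mail."""
    sig = headers.get("X-MTA-Signature")
    if sig is None:
        domain = headers["From"].split("@")[-1]
        return "reject-unsigned" if policy.get(domain) == "always-signed" else "accept-unsigned"
    fields = parse_sig_header(sig)
    _, key = locate_key(fields.get("k", []), supported_schemes, stores)
    if key is None:
        return "no-key"  # none of the advertised schemes is one this verifier supports
    expected = sign_body(body, key)
    return "pass" if hmac.compare_digest(expected, fields.get("s", "")) else "fail"


if __name__ == "__main__":
    body = b"constructed message body"
    ptrs = ["dns:_mtasig.example.com", "https://example.com/mtasig/key1"]
    hdrs = make_signed_headers("alice@example.com", body, KEY_STORES["dns"]["_mtasig.example.com"], ptrs)
    print(verify_message(hdrs, body, ["https", "dns"]))
    print(verify_message({"From": "bob@example.com"}, body, ["dns"]))
```

A verifier that only understands `dns:` pointers still validates the same header, and one that supports neither scheme reports `no-key` rather than `fail`, which is the upgrade-path property the message argues for; the policy lookup only matters when no signature is present at all.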