ietf-mailsig

Re: wildcards, was dkim technology?

2005-07-15 00:01:13

I suspect that the DNS gurus will give us (people interested in DKIM)
the same response as they gave SPF folks:  You can create a server
side macro processing that automatically adds the appropriate records
to the zone file before it is published.  The secondary NS will then
be able to pick up these extra records when they do an AXFR.

It would be useful to review the discussion of CSV wildcards on the
namedroppers list, particularly since DKIM uses name prefixes like
CSV does.

The largest sentiment was, as you say, that current DNS wildcards
solve all problems and you need only do six backflips to stuff your
zone full of all of the necessary records.  A significant
counterfaction including Paul Vixie agreed that DNS needs internal
wildcards to give the effect of _prefix.*.whatever, which isn't
possible now and will never be unless DNSSEC is completely redesigned
(although it might be possible to implement them on the client side.)

The overall sense I got was that nobody liked zone cuts, and although
a tree walk is a bad solution, unless you believe that current
wildcards handle prefixed names, which they don't unless you use
a rather exotic definition of "handle", they are the least bad option.

R's from ICANN-land,
John
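
The wildcard behaviour discussed in this message, as an added example (not part of the original post and not any name server's code): a simplified model of RFC 1034/4592 wildcard matching, plus the pre-publication expansion workaround. The zone contents, the `_prefix` label and all function names are constructed for illustration.

```python
# Constructed sample zone: owner name -> {rrtype: rdata}. Illustrative only.
ZONE = {
    "example.com": {"MX": "10 mail.example.com"},
    "*.example.com": {"TXT": "generic-wildcard-policy"},
    "mail.example.com": {"A": "192.0.2.25"},
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def existing_names(zone):
    """Every owner name plus the ancestors (empty non-terminals) it implies."""
    names = set()
    for owner in zone:
        ls = labels(owner)
        names.update(".".join(ls[i:]) for i in range(len(ls)))
    return names

def lookup(zone, qname, rrtype):
    """Exact match first; otherwise synthesize only from '*.<closest encloser>'."""
    ls = labels(qname)
    exists = existing_names(zone)
    if ".".join(ls) in exists:
        # The name exists, so no wildcard applies even if this type is absent.
        return zone.get(".".join(ls), {}).get(rrtype)
    for i in range(1, len(ls)):
        encloser = ".".join(ls[i:])
        if encloser in exists:
            # Closest existing ancestor found: only its own '*' child may answer.
            return zone.get("*." + encloser, {}).get(rrtype)
    return None

def expand_prefix(zone, prefix, rrtype, rdata):
    """Zone-file 'macro' step: add <prefix>.<owner> for each ordinary owner
    before the zone is published, so secondaries receive it via AXFR."""
    out = {owner: dict(rrs) for owner, rrs in zone.items()}
    for owner in zone:
        if not labels(owner)[0].startswith(("*", "_")):
            out.setdefault(f"{prefix}.{owner}", {})[rrtype] = rdata
    return out

if __name__ == "__main__":
    expanded = expand_prefix(ZONE, "_prefix", "TXT", "prefixed-policy")
    for q in ("_prefix.unknown.example.com", "_prefix.mail.example.com"):
        print(q, "| before:", lookup(ZONE, q, "TXT"),
              "| after:", lookup(expanded, q, "TXT"))
```

Before expansion, the prefixed name under the existing host `mail.example.com` gets no answer, because that host is the closest encloser and blocks `*.example.com`; under a nonexistent host the query gets only the generic wildcard data, which cannot distinguish the prefix. After expansion, only names enumerated in the zone carry the prefixed record.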


