ietf-mailsig

Re: SSP - policy location compatibility with DK

2005-07-28 10:58:48

The _domainkey part is needed to address an attack vector IIRC (although the specifics of the attack escape me at the moment).

--
Arvel


----- Original Message -----
From: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
To: "Arvel Hathcock" <arvel(_at_)altn(_dot_)com>; "IETF MASS WG" <ietf-mailsig(_at_)imc(_dot_)org>
Sent: Thursday, July 28, 2005 12:10 PM
Subject: Re: SSP - policy location compatibility with DK




----- Original Message -----
From: "Arvel Hathcock" <arvel(_at_)altn(_dot_)com>


I can completely agree that the policy be located where the current SSP
draft states - _policy._domainkey.<domain>.  However, I would like to
propose (no surprise) that there be an "informative implementation note" or
whatever the appropriate vehicle is to say something like this:

"In the event that an SSP record can not be located at
_policy._domainkey.<domain> a verifier SHOULD look for the SSP record at
_domainkey.<domain>."

I agree.  One location.

Why not just <domain>?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com








