This is an area where the decision of the SPF group to co-opt the TXT
record for their exclusive use is a problem. A wildcarded SPF record
will also match prefixed records.
We really need an architecture for extending the DNS that is not
predicated on rolling out new RRs for each new extension.
-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Andrew Newton
Sent: Monday, August 01, 2005 4:25 PM
To: william(at)elan.net
Cc: Jim Fenton; Arvel Hathcock; IETF MASS
Subject: Re: SSP - policy location compatibility with DK
On Jul 31, 2005, at 11:28 PM, william(at)elan.net wrote:
In a previous message on this list Andrew Newton reported 2000
published DK policy records. How many are used is a different
question though...
I believe the number was 1855. But this is a preliminary number.
I'm still bug hunting in the code.
However, one of the issues that shows up is that there is no easy way
to determine that a TXT record is DK. And trust me, there are quite
a few SPF records that are in wildcards. Being able to test for
v=DKIM1 at the beginning would be very helpful. Though parsing the
TXT record to see if it is syntax compatible with DK is pretty easy,
I suspect that there may be situations where something other than DK
syntax is interpreted as such. After all, people put HTML in qnames
and seeing an MX point to 127.0.0.1 is common.
-andy
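
Added example, not part of the original messages or of any DK/DKIM implementation: it contrasts a syntax-only test for DK-style tag lists with a test for a leading version marker, using the v=DKIM1 string suggested above. The function names, the result labels, and the sample TXT strings are constructed for illustration.

```python
import re

TAG_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")

def parse_tag_list(txt):
    """Parse 'tag=value; tag=value'. Return a dict, or None if malformed."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue                      # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not TAG_NAME.match(name) or name in tags:
            return None
        tags[name] = value.strip()
    return tags or None

def syntax_only_is_dk(txt):
    """Syntax-only test: anything that parses as a tag list passes."""
    return parse_tag_list(txt) is not None

def classify(txt, marker="v=DKIM1"):
    """Classify a TXT string using an explicit leading version marker."""
    head = txt.lstrip()
    if re.match(r"v=spf1(\s|\Z)", head, re.IGNORECASE):
        return "spf"
    if re.match(re.escape(marker) + r"\s*(;|\Z)", head):
        return "versioned" if parse_tag_list(head) else "other"
    return "unversioned-tag-list" if parse_tag_list(head) else "other"

# Constructed sample answers for a TXT query at _domainkey.example.com
SAMPLES = [
    "o=~; r=postmaster@example.com",     # DK-style policy, no version marker
    "v=DKIM1; o=~",                      # same tags with the marker (hypothetical)
    "v=spf1 mx -all",                    # SPF record served by a wildcard
    "<html><body>parked</body></html>",  # junk published in a TXT record
]

def report():
    """Pair the syntax-only verdict with the marker-based class per sample."""
    return [(syntax_only_is_dk(s), classify(s)) for s in SAMPLES]

if __name__ == "__main__":
    for sample, row in zip(SAMPLES, report()):
        print(row, sample)
```

The wildcard SPF string passes the syntax-only test because "v=spf1 mx -all" is itself a well-formed single tag=value pair; only the leading marker separates it from the policy records.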