Re: Options for the ID Command

On Tue, 17 May 2005 18:25:03 PDT, David MacQuigg said:

> Before we get too far off track, let's recall the question - How can we 
> have a neutral ID Declaration, when the different authentication methods 
> expect different fields in an email to be the ID?
Exactly the problem you're failing to solve.

>                                                    Have I answered that 
> question?
No, you haven't.

>           Do you understand how having an ID declaration avoids multiple 
> queries, "hunting" for DNS records?
Nope. In fact, you just made me make *another* lookup to find out that you
support SPF.  I'll still have to do the SPF queries.

Listing the DK2 under the _AUTH is *broken* - that's something you *really*
need to go back to the DNS *of the domain* to fetch. "Here - verify this
purported domain using the key that's stashed someplace under my control, not
someplace under the control of the purported domain".

"Here's some PGP-signed stuff from President Bush. To prove it, I've appended
his public key. Honest! It's really his!" :)

> The record above was for a really huge domain, rr.com.  I'll be happy to 
> discuss with you the proposal for DNS authentication records, but first, 
> let me know that you have read the proposal.
I'm glad it works for your tiny, non-complicated domain that only sources
RR.COM and only from 11 addresses.  Let me know what the DK2 would look like if
those 11 outbound servers *also* hosted e-mail for 10K domains each (remember -
they probably need separate DK entries for each hosted domain...)

pgpHnpHUn4pKD.pgp
Description: PGP signature