[Top] [All Lists]

Re: Options for the ID Command

2005-05-17 18:47:16
On Tue, 17 May 2005 18:25:03 PDT, David MacQuigg said:

Before we get too far off track, let's recall the question - How can we 
have a neutral ID Declaration, when the different authentication methods 
expect different fields in an email to be the ID?

Exactly the problem you're failing to solve.

                                                   Have I answered that 

No, you haven't.

          Do you understand how having an ID declaration avoids multiple 
queries, "hunting" for DNS records?

Nope. In fact, you just made me make *another* lookup to find out that you
support SPF.  I'll still have to do the SPF queries.

Listing the DK2 under the _AUTH is *broken* - that's something you *really*
need to go back to the DNS *of the domain* to fetch. "Here - verify this
purported domain using the key that's stashed someplace under my control, not
someplace under the control of the purported domain".

"Here's some PGP-signed stuff from President Bush. To prove it, I've appended
his public key. Honest! It's really his!" :)

The record above was for a really huge domain,  I'll be happy to 
discuss with you the proposal for DNS authentication records, but first, 
let me know that you have read the proposal.

I'm glad it works for your tiny, non-complicated domain that only sources
RR.COM and only from 11 addresses.  Let me know what the DK2 would look like if
those 11 outbound servers *also* hosted e-mail for 10K domains each (remember -
they probably need separate DK entries for each hosted domain...)

Attachment: pgpHnpHUn4pKD.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>