Jim Fenton wrote:
Iprev
It seems a little strange to me to introduce a new authentication method
in the auth-results draft. If we need this, I think it should be in a
separate draft/RFC. Auth-results is about representing the results of
authentication, not how to authenticate.
Yes, this specifies something that is an adjunct to the focus of the
spec. And it's always good to question the inclusion of such
material. One vote in favor can be that it facilitates adoption. In
any event, this one does not seem all that risky and it hasn't
bothered anybody, so I suggest leaving it alone.
It hadn't bothered me because I hadn't seen it up until now. I really
wasn't expecting the A-R draft to introduce a new authentication
method. It may be fine; I just don't know. It hasn't gotten nearly the
scrutiny that all of the other authentication techniques have.
The method was described in RFC4408 (SPF) as the "ptr" lookup
procedure. It's a fairly common practice in a lot of widely deployed
software. I think it's been reasonably well vetted as an algorithm,
though perhaps my description of it doesn't get to make the same claim.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html