I've changed the Subject, since we are well off the topic of ID declaration.
At 03:31 PM 4/13/2005 -0400, Radu Hociung wrote:
> Dave Crocker wrote:
>> Radu wrote:
>>> I think you hit the nail on the head. Some common way for the recipient to
>>> know which of (CSV, SPF, DomainKeys, etc, etc) is available would be nice.
>>> Otherwise, the recipient is left "hunting", i.e., searching all places it
>>> knows about, on DNS or wherever.
>> What MIME types does a recipient support?
>> What servers does a target host support?
>> With extremely few exceptions, Internet mechanisms do not support a
>> test-before-using model.
> If I read your reply correctly, you would support such an initiative which
> would advertise what else is available.
> I think what I call 'hunting' you call 'test-before-using'?
> In fact, for SPF I would suggest we set aside a whole modifier set for this
> purpose. Perhaps the modifiers that start with the character "o" can be
> used to designate "other" mechanisms. I.e., o{mechanism}=
Rather than have an SPF-specific way of specifying the authentication
method, I would propose a general-purpose authentication query. One query
to _AUTH.<domain> gets all the authentication information from a domain in
summary form, including all methods the domain chooses to use, and as many
parameters as they can squeeze into 450 bytes, a limit imposed by the
512-byte DNS message format.
Here is an example of a 339-byte authentication record for a large, complex
domain, with many subdomains and thousands of servers all over the
USA. This domain provides 3 authentication methods, QR1, SPF1 and
DK2. These should be executed in the sequence shown. Parameters for each
method are given later in the record, or (if a + follows the method name)
in additional records.
meth=QR1,SPF1+5,DK2 ; maximum 5 additional queries for SPF1
QR1:ip=?170(24.30.203;24.28.200;24.28.204;24.30.218;24.93.47;24.25.9),
+4(65.24.5.120;24.94.166.28;24.29.109.84;66.75.162.68;24.24.2.12)
DK2:dk=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5
o6lMIgulclWjZwP56LRqdg5ZX15bhc/GsvW8xW/R5Sh1NnkJNyL/cqY1a+GzzL47t7EX
zVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB
For a more complete statement of this proposal see
http://purl.net/net/macquigg/email draft-authent-interop-00.htm.
I'm not seeing the need to declare the method in any envelope
information. A minimum of one DNS query will always be necessary, and that
first query can state the methods.
--
Dave
************************************************************
* David MacQuigg, PhD      email: dmquigg-spf at yahoo.com  *
* IC Design Engineer       phone: USA 520-721-4583          *
* Analog Design Methodologies                               *
*                          9320 East Mikelyn Lane           *
* VRS Consulting, P.C.     Tucson, Arizona 85710            *
************************************************************
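
Added example, not part of the original message or the referenced draft: a minimal receiver-side parser for the record layout sketched in the message above, returning the methods in execution order and an upper bound on DNS queries. The comment syntax, line continuation and the rule that a method has either inline parameters or a "+N" budget are assumptions read off the one example shown; the sample record is constructed, with a placeholder key.

```python
import re

MAX_RECORD_BYTES = 450  # limit stated in the message
TOKEN = re.compile(r"([A-Za-z]+\d+)(?:\+(\d+))?")  # assumed: NAME, optional "+N"

def parse_auth_record(text):
    """Parse a proposed _AUTH record into (methods, params).

    methods: ordered list of (name, extra_queries); extra_queries is None when
    the parameters are inline. params: method name -> inline parameter string.
    """
    if len(text.encode("utf-8")) > MAX_RECORD_BYTES:
        raise ValueError("record exceeds %d bytes" % MAX_RECORD_BYTES)
    # Assumption: whitespace followed by ';' starts a comment.
    lines = [re.sub(r"\s+;.*$", "", l).strip() for l in text.splitlines()]
    lines = [l for l in lines if l]
    if not lines or not lines[0].startswith("meth="):
        raise ValueError("record must start with meth=")
    methods = []
    for tok in lines[0][len("meth="):].split(","):
        m = TOKEN.fullmatch(tok.strip())
        if not m:
            raise ValueError("bad method token: %r" % tok)
        methods.append((m.group(1), int(m.group(2)) if m.group(2) else None))
    names = {name for name, _ in methods}
    params, current = {}, None
    for line in lines[1:]:
        head, sep, rest = line.partition(":")
        if sep and head in names:          # "QR1:..." opens a method section
            current, params[head] = head, rest
        elif current is None:
            raise ValueError("parameters before any method section")
        else:                              # assumed: other lines continue the section
            params[current] += line
    for name, extra in methods:
        if (extra is None) != (name in params):
            raise ValueError("%s: needs inline parameters or a '+' budget" % name)
    return methods, params

def max_dns_queries(methods):
    """One query for _AUTH.<domain> plus each method's declared budget."""
    return 1 + sum(extra or 0 for _, extra in methods)

# Constructed sample: shortened from the message's layout, placeholder key.
SAMPLE = """meth=QR1,SPF1+5,DK2 ; maximum 5 additional queries for SPF1
QR1:ip=?170(24.30.203;24.28.200),
+4(65.24.5.120;24.94.166.28)
DK2:dk=PLACEHOLDERBASE64KEY
"""
```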