MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues

Hector Santos hsantos at santronics.com
Wed Jun 6 22:11:37 PDT 2007


Douglas Otis wrote:
> 
> On Jun 6, 2007, at 3:35 PM, Hector Santos wrote:
> 
>> But why NO MAIL?  Why not other policies?
>>
>> A system can have a default NO MAIL policy or a default I SIGN 
>> EVERYTHING  or anything else.
>>
>> Here is a workable Wildcard syntax that has a default NO MAIL POLICY
>>
>> *._ssp       0  TXT   ... no mail policy...
>> _ssp         0  TXT   ... I may sign ..
>> public._ssp  0  TXT   ... I never sign ...
>> sales._ssp   0  TXT   ... I always sign ..
>> corp._ssp    0  TXT   ... I always sign ..
>>
>> and one with a default I ALWAYS SIGN
>>
>> *._ssp       0  TXT    ... I always sign ..
>> public._ssp  0  TXT   ... I never sign ...
> 
> This requires a transaction at every label within the domain in 
> question, where of course, this also clobbers SLDs.

Explain to me why this is a problem?

I am borrowing the logic used from one of the original LMAP proposals, 
DMP, which SPF based on its merged design with another LMAP RMX? proposal.

This is a single lookup by the client, no traversal, no loop required.

The *._SSP record gives you the global default result as desired by the 
main domain.

So regardless of the subdomains provided, you have a GLOBAL default.

Then for specific subdomains, you can further define specific txt 
records to override the default.

Again, I am no DNS expert, but is there a TECHNICAL problem with this?

Explain it to me in terms of where there is overhead, pressure or lots 
of work, if any, on the DNS server?


-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
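
The zone quoted above, resolved for a few query names under the wildcard-synthesis rules of RFC 4592, as an added example that is not part of the original message. The origin example.com, the `<sub>._ssp.<domain>` query form and the policy strings (placeholders for the elided record contents) are assumptions.

```python
# Added illustration: how an authoritative server answers TXT queries
# against the quoted zone (RFC 4592). Zone data below is constructed.
ORIGIN = "example.com"  # assumed origin, not from the post
ZONE = {                # owner name -> placeholder policy text
    "*._ssp": "no mail policy",
    "_ssp": "I may sign",
    "public._ssp": "I never sign",
    "sales._ssp": "I always sign",
    "corp._ssp": "I always sign",
}

def _labels(name):
    return tuple(name.lower().rstrip(".").split("."))

def _build(zone, origin):
    """Return (records, existing); existing includes empty non-terminals."""
    depth = len(_labels(origin))
    records = {_labels(f"{o}.{origin}"): txt for o, txt in zone.items()}
    existing = set()
    for owner in records:
        for i in range(len(owner) - depth + 1):
            existing.add(owner[i:])
    return records, existing

def lookup_txt(qname, zone=ZONE, origin=ORIGIN):
    """One query, one answer: (status, txt). No client-side tree walk."""
    records, existing = _build(zone, origin)
    q = _labels(qname)
    if q in existing:
        # An existing name is never covered by a wildcard.
        return ("EXACT", records[q]) if q in records else ("NODATA", None)
    # Closest encloser: the longest ancestor of qname that exists.
    for i in range(1, len(q)):
        if q[i:] in existing:
            wildcard = ("*",) + q[i:]
            break
    else:
        return ("OUT_OF_ZONE", None)
    if wildcard in records:
        return ("WILDCARD", records[wildcard])
    return ("NODATA" if wildcard in existing else "NXDOMAIN", None)

if __name__ == "__main__":
    for name in ("sales._ssp", "hr._ssp", "a.b._ssp", "east.sales._ssp"):
        print(name, "->", lookup_txt(f"{name}.{ORIGIN}"))
```

The last query shows the edge case: because `sales._ssp` exists, it is the closest encloser of `east.sales._ssp`, so `*._ssp` is not used and the answer is NXDOMAIN unless a `*.sales._ssp` record is also published.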


