[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree
robert at barclayfamily.com
robert at barclayfamily.com
Mon Apr 7 13:47:29 PDT 2008
> Date: Sun, 6 Apr 2008 23:06:25 -0700
> From: dhc at dcrocker.net
> To: ietf-dkim at mipassoc.org
> Subject: [ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree
>
> 3. At least one of the sub-tree mechanisms is attempting to glean information
> from the absence of publisher action. Let me explain:
>
> I believe the desire with checking the A record is similar to the idea
> behind having ADSP in the first space.
>
Dave,
Like others I am guessing that you are referring to section 4.2.2 step 2. In that step it explicitly says that you can check for any record you want and the semantics of the returned record itself are basically irrelevant only the existence of some response other than NXDOMAIN matters. In the case of an NXDOMAIN I didn't read that section as intuiting any policy. It just says to return an error which I read as something different than, return some specific result. Since the domain doesn't exist the administrator can't have been expected to create a policy for it so error seems like the right answer to me.
Otherwise to create policies for all of my domains I would have to create policies not just for all existing sub-domains of that domain (which I personally would support) but all conceivable sub-domains of a domain (which I don't think I would).
Robert
_________________________________________________________________
Pack up or back up–use SkyDrive to transfer files or keep extra copies. Learn how.
hthttp://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_packup_042008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20080407/976b3684/attachment.html
More information about the ietf-dkim
mailing list