[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree
Stephen Farrell
stephen.farrell at cs.tcd.ie
Tue Apr 8 12:16:07 PDT 2008
Dave Crocker wrote:
> Whether ADSP can reasonably extract some semantics is an entirely reasonable
> line of question.
Right. And that's the basis on which Barry and I think this worth
discussing again.
> What we need to see is discussion and consensus that it can and does and that
> the benefits outweighs the costs.
>
> An nice example of a counter-argument is:
>
> Wietse Venema wrote:
> > The problem is that "valid email origin" is a subset of all the
> > names that resolve in the DNS. In other words, there are false
> > positives in the algorithm that continues when [any DNS] record
> > lookup succeeds.
>
> One interpretation of this point is that the presence of a DNS entry (that is, a
> 'failure' to get an NXDomain) might be meaningful, but the scope of its meaning
> is much broader than ADSP.
I'm not following that. Can you give an example? Even if its partly
speculative, it'd help me understand your point. (And in this case,
I guess speculation as to future uses of DNS might be valid, since
the current absence of entries is what we're proposing to use.)
Stephen.
More information about the ietf-dkim
mailing list