[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue Apr 8 12:12:13 PDT 2008


Can we just park the "was consensus reached/documented" aspect
of this thread for a couple of days? I'll go back through the
archive and see if the ball was dropped (by Barry and me) or not.
But that'll take a day or two.

S.

Dave Crocker wrote:
> Eliot,
> 
> I am trying to be careful and specific in the things I am posting, here, and you 
> and others need to be the same. My goal is to get discussion going.  Yours 
> appears to be to stop it. Unfortunately, that has often been at the root of 
> problems in this working group.
> 
> Let me repeat the bottom line, once again:
> 
>       There is nothing in the mailing list archive that demonstrates working 
> group rough consensus on the matter of extending ADSP's scope to include more 
> than a single, exact-match name.
> 
>       The record *does* contain discussion about the problems with attempting 
> this expanded scope.
> 
> So please stop repeating broad references that turn out to be invalid or off the 
> point.  The substantiation for this assessment is in the remainder of this 
> message...
> 
> 
> Eliot Lear wrote:
>> 1402 and 1534 were specifically mentioned and discussed in Philly in 
>> Jim's presentation 
>> <http://www3.ietf.org/proceedings/08mar/slides/dkim-0.pdf>.
> 
> "1402   Duplicate of 1534    Applicability of SSP to subdomains"
> 
> The above text contains the only reference to either of the documents in Jim's 
> slides.  To the extent that it "proves" discussion took place, it is content free.
> 
> And let's get very clear about something:  I did not say there was no 
> discussion.  So your "proving" that discussion took place in Philadelphia is not 
> the issue.
> 
> 
>>    In fact, 
>> between the two they've been discussed at multiple meetings.    We know 
>> this because the mechanism has changed over time and was presented as it 
>> changed.
> 
> Since I didn't claim otherwise, I'm not sure what your point is.
> 
> In any event, it would be nice to see documentation of the details in such 
> discussion and what its conclusions were.
> 
> But most importantly we need to see documentation of consensus on the mailing 
> list.
> 
> You do not address this fundamental IETF requirement. And by "address" I mean 
> point to specific details that provide confirmation.  Generic document 
> references don't help, particularly when it turns out that they do not prove 
> your point.
> 
> 
>> You can continue to traipse through the minutes of previous
>> meetings (my own recollection and the minutes confirm 
>> <http://www.ietf.org/proceedings/07mar/minutes/dkim.txt> that is that 
>> the group spent time on this very issue in Prague). 
> 
> 1. For perhaps the third time: the minutes do not contain the strings 1402 or 
> 1534. The only reference to "tree" is:
> 
>     "Discussion focuses on subdomains, wildcards, tree-walking."
> 
> While, yes, it's entirely reasonable to take that as proof that something was 
> said, it does not provide any content.  In particular, it doesn't even describe 
> the claimed conclusions.
> 
> 
>> You did not 
>> object.  My own recollection of the Prague discussion was that we 
>> specifically considered the positives and negatives of tree walking as 
>> well as a domain existence query, but perhaps the audio is lying around 
>> if you want to go to more detail.
> 
> Concerns about sub-tree details have been expressed repeatedly and broadly over 
> the months.
> 
> Whether I, in particular, voiced them in Philadelphia, seems to be a rule you 
> are attempting to enforce as meaningful and I can't guess why.
> 
> 
>> Putting aside that procedural issue, the fundamental basis for your 
>> concern is that there are two independent systems that have no basis for 
>> interdependency.  
> 
> I'm pretty sure that what I said does not strictly map to your characterization 
> of it.
> 
> Were you attempting to engage in constructive dialogue, rather than shut this 
> thread down, the question of its equivalence or difference strikes me as 
> potentially useful for improving everyone's understanding of the issue.  So it's 
> a shame that you have chosen to take such an adversarial stance.
> 
> 
>>    But your premise is false, and the issue is 
>> specifically raised in the current -03 draft, here:
> 
> Quoting an entire passage always feels comforting.  However I do not see which 
> bits of text are on point or how.  To the extent that your own comment is meant 
> to clarify this:
> 
>> No A record required, as Frank and I mentioned earlier.
> 
> my constantly referring to A record probably is, indeed, distracting.  I'm happy 
> to substitute all of my references to A with NXDOMAIN.  I believe it does not 
> change any of the technical, administrative or operational concerns I raised.
> 
> 
>> Perhaps I have missed some text that you are referring to.  Could you 
>> correct me?
> 
> I don't understand what you are asking for.  Text that says what?
> 
> d/

