[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree
Stephen Farrell
stephen.farrell at cs.tcd.ie
Tue Apr 8 14:24:10 PDT 2008
Stephen Farrell wrote:
>
> Dave Crocker wrote:
>> Whether ADSP can reasonably extract some semantics is an entirely reasonable
>> line of question.
>
> Right. And that's the basis on which Barry and I think this worth
> discussing again.
Sorry, I should have said "a basis" above. Its been pointed out to me
that Dave's concern is broader than just the above which is fair enough.
S.
>
>> What we need to see is discussion and consensus that it can and does and that
>> the benefits outweighs the costs.
>>
>> An nice example of a counter-argument is:
>>
>> Wietse Venema wrote:
>> > The problem is that "valid email origin" is a subset of all the
>> > names that resolve in the DNS. In other words, there are false
>> > positives in the algorithm that continues when [any DNS] record
>> > lookup succeeds.
>>
>> One interpretation of this point is that the presence of a DNS entry (that is, a
>> 'failure' to get an NXDomain) might be meaningful, but the scope of its meaning
>> is much broader than ADSP.
>
> I'm not following that. Can you give an example? Even if its partly
> speculative, it'd help me understand your point. (And in this case,
> I guess speculation as to future uses of DNS might be valid, since
> the current absence of entries is what we're proposing to use.)
>
> Stephen.
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
>
More information about the ietf-dkim
mailing list