[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree
Stephen Farrell
stephen.farrell at cs.tcd.ie
Tue Apr 8 14:29:14 PDT 2008
Dave Crocker wrote:
>
>
> Stephen Farrell wrote:
>>> One interpretation of this point is that the presence of a DNS entry
>>> (that is, a 'failure' to get an NXDomain) might be meaningful, but
>>> the scope of its meaning is much broader than ADSP.
>>
>> I'm not following that. Can you give an example? Even if its partly
>> speculative, it'd help me understand your point. (And in this case,
>> I guess speculation as to future uses of DNS might be valid, since
>> the current absence of entries is what we're proposing to use.)
>
>
> DKIM and ADSP fit into a larger framework of filtering activities. I
> hope there is nothing controversial about that assertion.
>
> It means that there are many analyses and tests that are outside the
> scope of DKIM (and ADSP).
>
> Some filtering engines query for an NXDOMAIN today, independent of DKIM
> or ADSP.
>
> That's a pretty clear indication that its meaning and utility are not
> tied to ADSP.
All that seems clear. I guess however, it still doesn't help me
with (an example of) why ADSP making a query and reacting to an
NXDOMAIN response as currently spec'd may be problematic.
I think the logic for the WG not wanting ADSP to be able to
expliticly state "no mail" was correct, but that this case seems
different, hence the request for an example.
S.
More information about the ietf-dkim
mailing list