[ietf-dkim] use cases for wildcard policy assertions

Roland Turner roland.turner at boxsentry.com
Thu Apr 10 02:46:00 PDT 2008


On Wed, 2008-04-09 at 12:09 -0400, Siegel, Ellen wrote:
...
> > bounces at mipassoc.org] On Behalf Of Roland Turner
... 
> > Setting aside questions of whether consensus has already been reached,
> > and the painful technical details of trying to deal with hierarchies of
> > names rather than exact matches with individual domain names, it strikes me
> > that any reasonable "outsider" will look at a spec that doesn't allow
> > him to specify in one step (rather than hopefully-correctly attached to
> > every single zone entry now and through all future changes) "Acme Corp's
> > email is ALL signed, or it's not ours" and wonder what the spec authors
> > were thinking.
> 
> I think if we go this route we need to 1) be more clear about what is
> and isn't supported, and 2) include some explanation of how a subdomain
> that wants a different policy (e.g. "unknown" where the parent domain is
> "all", or "discardable" if it doesn't send any mail and the parent has
> published a weaker practice record). 
> 
> I think part of Dave's point is that doing a good job of (1) may not be
> as straightforward as it seems. 

I suspect that he's concerned that, even if it were technically
feasible, it may not be so good an idea as it appears.

> Examples for (2) are very important in both directions (creating a
> subdomain policy that is a) weaker and b) stronger than that of the
> parent domain).

Quite.

I take it that the basic technical constraint is the need to keep the
number of DNS queries to "a few" and, in particular, to establish a
constant bound, rather than, say, permit an adversary to shut down some
DNS infrastructure by sending millions of messages purporting to be from
a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q.r.s.t.u.v.w.x.y.z.example.com?

- Roland

-- 
Roland Turner | Product Manager, RealMail | BoxSentry Pte Ltd
3 Phillip Street, #13-03 Commerce Point, Singapore 048693
Mob: +65 96700022 | Skype: roland.turner | Fax. +65 65365463
roland.turner at boxsentry.com | www.boxsentry.com
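The constant-bound concern raised above, as an added illustration (not code from the thread, the ADSP specification, or any DKIM implementation): a hypothetical hierarchical policy lookup that walks upward from the author domain but caps the number of DNS queries per message and always consults the organisational domain, so a deeply nested name like the one above still costs the verifier a fixed number of lookups. The `_adsp._domainkey.` prefix, the `dkim=` record syntax, the zone contents and the two-label "registrable domain" rule are all assumptions made for this example.

```python
"""
Hypothetical bounded hierarchy walk for a DKIM sender-signing policy.
This is an illustration of the query-bound trade-off, not the lookup
defined by ADSP or any RFC. All names and records are constructed.
"""

# Constructed zone data: record name -> TXT value.
ZONE = {
    "_adsp._domainkey.example.com": "dkim=all",
    "_adsp._domainkey.sub.example.com": "dkim=unknown",            # weaker than parent
    "_adsp._domainkey.noemail.example.com": "dkim=discardable",    # stronger than parent
}

MAX_QUERIES = 3   # constant bound on lookups per message, whatever the depth
MIN_LABELS = 2    # assumed registrable domain = last two labels; never walk above it

# Constructed deep author domain of the kind the message warns about.
DEEP = ".".join("abcdefghijklmnopqrstuvwxyz") + ".example.com"


class Resolver:
    """In-memory stand-in for DNS that counts queries so the bound is visible."""

    def __init__(self, zone):
        self.zone = zone
        self.queries = 0

    def txt(self, name):
        self.queries += 1
        return self.zone.get(name)


def candidate_names(domain, max_queries=MAX_QUERIES, min_labels=MIN_LABELS):
    """Record names to query, most specific first.

    Walks upward from the exact author domain but reserves the final slot
    for the organisational domain, so "all of Acme's mail is signed" is
    always consulted even when the walk cannot reach it within the bound.
    """
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < min_labels:
        return []                                    # TLD or bare label: nothing to ask
    org = ".".join(labels[-min_labels:])             # assumed registrable domain
    names = []
    while len(labels) >= min_labels and len(names) < max_queries - 1:
        names.append(".".join(labels))
        labels = labels[1:]                          # strip the leftmost label
    if org not in names:
        names.append(org)
    return [f"_adsp._domainkey.{n}" for n in names]


def lookup_policy(domain, resolver):
    """Return (policy, queries_issued); the most specific published record wins.

    An absent record at every consulted level is treated as "unknown".
    """
    for name in candidate_names(domain):
        rec = resolver.txt(name)
        if rec is not None and rec.startswith("dkim="):
            return rec[len("dkim="):], resolver.queries
    return "unknown", resolver.queries


if __name__ == "__main__":
    for d in ("sub.example.com", "mail.example.com", "noemail.example.com", DEEP):
        policy, n = lookup_policy(d, Resolver(ZONE))
        print(f"{d[:40]:<40} policy={policy:<12} queries={n}")
```

The trade-off this makes explicit: with a pure bottom-up walk capped at three queries, the 28-label name would never reach `example.com` and would silently fall back to "unknown", defeating the parent's "all" assertion; reserving a slot for the organisational domain keeps both the constant bound and the parent policy, at the cost of ignoring intermediate subdomain records deeper than the bound allows.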