[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree
eric+dkim at sendmail.org
Thu Apr 10 12:35:22 PDT 2008

So I guess what we're talking about is to what "coverage" ADSP gives
you. There are three options, not two:

1. The name itself, and nothing more.
2. The name itself plus one level down in the subtree.
3. The name itself plus all levels below it in the subtree.

The current draft gives you option 2. As a side effect, it acts like
option 3 for names that do not exist, e.g., given the name
"a.b.example.com", and assuming that "b.example.com" does not exist,
then "a.b.example.com" gets covered as a side effect of the fact that
"b.example.com" does not exist.

I disagree with your assertion that this hasn't been explicit. As
others have pointed out, 5016 section 4.2 already states this. It
would make sense to make this explicit in the ADSP draft itself, but
that's a matter of wordsmithing, not a question of the desirability
and appropriateness of the function in the first place.

For the record, I'm in favor of leaving step 2 in. I think it is
appropriate, in scope, and desirable for both senders and receivers