[ietf-dkim] protecting domains that don't exist
fenton at cisco.com
Thu Apr 24 09:38:55 PDT 2008
Wietse Venema wrote:
> Wietse Venema wrote:
>> Frank Ellermann:
>>> <robert at barclayfamily.com> wrote:
>>>> Would it be better if "error" were a specifically defined
>>>> result in addition to "unknown" / "all" / "discardable"?
>>> The fourth bullet in chapter 3.2 "ASP results" offers "the
>>> domain does not exist" after "unknown"/"all"/"discardable".
>>> I-D.kucherawy-sender-auth-header chapter 2.4.2 "ASP results"
>>> lists this as "nxdomain". IMHO good enough, or do you have
>>> something else in mind ? Let's s/ASP/ADSP/g + WGLC, s.v.p.
>> Sounds reasonable. I expect many will implement NXDOMAIN as a
>> fourth ADSP lookup result in some way or another.
>> This explains more easily than my earlier claim (an NXDOMAIN result
>> cannot correspond with one of "unknown" / "all" / "discardable").
> Dave Crocker:
>> Sorry for being confused, but I now can't tell whether the focus
>> is on an NXDomain for the _adsp.<domain> string that is queried
>> for ADSP, or the <domain> name to which it is associated.
> I am talking about DNS lookup #2 in ADSP: the author domain.
> _adsp.domainkey.example.com IN TXT (NXDOMAIN -> "unknown").
> example.com A IN (NXDOMAIN -> "nxdomain").
> By including "nxdomain" as a verifier result we can eliminate
> a confusion and frustration.
That's the fourth result in section 3.2 of ssp-03, "The domain does not
exist". So we already have it. Perhaps it's not clear enough that the
"appropriate error" referred to in step 2 of section 4.2.2 is that
More information about the ietf-dkim