[ietf-dkim] protecting domains that don't exist
Douglas Otis
dotis at mail-abuse.org
Fri Apr 25 17:29:56 PDT 2008
On Apr 25, 2008, at 4:21 PM, Jim Fenton wrote:
> The requirement to publish large numbers of ADSP records is a
> barrier to its widespread adoption, at least its adoption in a way
> that provides broad coverage for domains. This can be addressed
> with tools, but the requirement to add tooling to achieve good ADSP
> coverage is also a deployment barrier. Similar concerns led the WG
> to the use of TXT records rather than a new RR. There are a lot of
> DNS management tools out there that would need to change in order to
> publish the necessary ADSP records, and this would take considerable
> time.

Publishing ADSP records in conjunction with SMTP discovery records
should not be described as "large" numbers. This would have a direct
correspondence with records already published. Lack of NXDOMAIN as a
component of ADSP validation is wholly unmanageable and can easily
explode into a large number.

Why not depend upon discovery records? How many public message
exchange protocols beyond SMTP will use ADSP records? Who even
expects widespread adoption of ADSP? Why would it be difficult to
provide ADSP coverage predicated upon the existence of SMTP discovery
records? The lack of MX records should also preclude the use of ADSP.
-Doug