[ietf-dkim] subdomain strawpoll
Dave Crocker
dhc at dcrocker.net
Thu May 1 08:09:16 PDT 2008
Stephen Farrell wrote:
> Should we keep or remove text below?
>
> (from 4.2.2 of draft-ietf-dkim-ssp-03, but please be sure you
> check the context before expressing an opinion)
>
> 3. _Try Parent Domain._ The host MUST query DNS for a TXT record for
> the immediate parent domain, prefixed with "_asp._domainkey." If
> the result of this query is anything other than a "NOERROR"
> response with a valid ASP record, the algorithm terminates with a
> result indicating that no ASP record was present. If the ASP "t"
> tag exists in the response and any of the flags is "s"
> (indicating it does not apply to a subdomain), the algorithm also
> terminates without finding an ASP record. Otherwise, use that
> record.
Remove.
It does not enhance security.
It invents new DNS semantics and works poorly.
It is strictly for the administrative convenience of a minority of domain owners.
It adds permanent overhead to the protocol but will rarely provide any benefit.
d/
ps. As Steve Atkins noted, it also does not work properly.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list