[ietf-dkim] Issue 1576: Revise wildcard discussion
Frank Ellermann
nobody at xyzzy.claranet.de
Sat Jul 5 08:15:38 PDT 2008
Eliot Lear wrote:
> The authors have chosen the DKIM style of using _adsp.domain,
> which effectively provides for subtyping. Do you not believe
> that is sufficient?
It's fine for *ordinary* ADSP records, but issue #1576 is about
the somewhat odd case of *wildcard* ADSP records.
>> A simple "MUST start with 'dkim='" (or similar) could fix it.
> But to what end?
To the end of figuring out which of several *wildcard* TXT
records is about ADSP.
> This is where I have been bashing my head.
Maybe you missed the point *where* the wildcards are used, it's
not at _adsp._domainkey.example.com, where they would do nothing
useful, as you said.
If they are at all used it's directly at the domain in parallel
to an existing MX wildcard (or A or AAAA). E.g. in parallel to
the existing wildcard *.claranet.de MX record.
That has already a wildcard TXT record beginning with v=spf1,
or it had that when I last checked it. The draft (ssp-04)
says that you cannot add an ADSP wildcard, because a q=txt
for say _adsp._domainkey.xyzzy.claranet.de would then return
two TXT records, and ADSP does not know which of the two is
about ADSP. SPF has no trouble to find its v=spf1 in this
case, SPF is only lost if two TXT records begin with v=spf1.
Frank
More information about the ietf-dkim
mailing list