[ietf-dkim] FW: New Version Notification for draft-kucherawy-authres-vbr-00
Alessandro Vesely
vesely at tana.it
Mon Nov 8 04:03:50 PST 2010
On 08/Nov/10 06:25, Murray S. Kucherawy wrote:
> Filename: draft-kucherawy-authres-vbr
> Revision: 00
> Title: Authentication-Results Registration For Vouch By Reference Results
> Creation_date: 2010-11-07
> WG ID: Independent Submission
> Number_of_pages: 7
>
> Abstract:
> This memo updates the registry of properties in Authentication-
> Results: message header fields to allow relaying of the results of a
> Vouch By Reference query.
Nice one, Murray!
Section 4 (Definition) is ambiguous, though. It says "the DNS domain
name used to perform the VBR query", but a VBR query takes two domain
names. I think mentioning the tag (md, according to the example)
would make it clearer.
However, why not structure all the available domains? E.g. delivering
something like (modified from section A.1)

  Authentication-Results: mail-router.example.net;
    dkim=pass (good signature) header.d=newyork.example.com
      header.b=oINEO8hg;
    vbr=pass (all) header.mv=voucher.example.net
      header.md=newyork.example.com

where the comment contains the actual content of the TXT record. A
machine readable voucher name could be used by clients to learn what
vouchers a server trusts.
Another item that may need clarification is the "positive response"
given in the definitions of "pass" and "fail". It could be expanded
as, say,

  pass: A VBR query was completed and the vouching service queried
     gave a positive response. That is to say, it returned a record
     consisting of strings of lowercase letters separated by spaces,
     as per section 5 of [VBR].

The added sentence is meant to dispel any question on whether the
verifier should attempt to match the text in the RR with the content
of the mc= tag in the VBR-Info header field, if any.
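
As an added illustration, not part of the original message or of the draft: a Python sketch of how a client could read the header field proposed above and learn which voucher its server trusts. It assumes the comment carries the TXT record content and that `header.mv` names the voucher, as the message suggests; the function names and the `my_authserv_id` parameter are assumptions of this example.

```python
import re

# Constructed input: the header value sketched in the message, unfolded onto one line.
SAMPLE = (
    "mail-router.example.net; "
    "dkim=pass (good signature) header.d=newyork.example.com header.b=oINEO8hg; "
    "vbr=pass (all) header.mv=voucher.example.net header.md=newyork.example.com"
)

# "Positive response" as worded in the message: lowercase words separated by spaces.
POSITIVE_TXT = re.compile(r"[a-z]+(?: [a-z]+)*")
# method=result, optional (comment), then the ptype.property=value pairs.
RESINFO = re.compile(r"([a-z0-9-]+)=([a-z]+)(?:\s*\(([^()]*)\))?(.*)", re.S)
PROP = re.compile(r"([a-z]+)\.([a-z0-9-]+)=(\S+)")


def parse_authres(value):
    """Split a header value into (authserv_id, [result dicts]).

    Simplification: assumes no ';' inside comments or quoted strings.
    """
    authserv_id, *parts = [p.strip() for p in value.split(";")]
    results = []
    for part in filter(None, parts):
        m = RESINFO.fullmatch(part)
        if not m:
            continue  # skip anything this sketch does not understand
        method, result, comment, rest = m.groups()
        props = {f"{t}.{n}": v for t, n, v in PROP.findall(rest)}
        results.append({"method": method, "result": result,
                        "comment": comment, "props": props})
    return authserv_id, results


def trusted_vouchers(value, my_authserv_id):
    """Return (voucher, vouched domain, content types) for each usable vbr=pass."""
    authserv_id, results = parse_authres(value)
    if authserv_id.lower() != my_authserv_id.lower():
        return []  # not stamped by our own border MTA, so do not rely on it
    found = []
    for r in results:
        if r["method"] != "vbr" or r["result"] != "pass":
            continue
        mv, md = r["props"].get("header.mv"), r["props"].get("header.md")
        txt = r["comment"] or ""
        # Only the shape of the record is checked; it is not matched against mc=.
        if mv and md and POSITIVE_TXT.fullmatch(txt):
            found.append((mv, md, txt.split(" ")))
    return found
```
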