and given the weakness of the Reverse DNS access for security purposes, what problem is this draft trying to solve? If we need to find the host that has sent an email associated with an address, would we better let DKIM address that without a separate lookup in the receiving server? DKIM detects email spoofing by using digital signature allowing receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators.
Is there a better way to approach the problem? I do not claim it is a best way but I think CGA-TSIG can easily handle many similar scenarios. You can check the old version here http://datatracker.ietf.org/doc/draft-rafiee-intarea-cga-tsig/ and upcoming version here <http://editor.rozanak.com/show.aspx?u=AZCDD03D4DBABD14DA80CDTAM > Hosnieh _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
