That is somewhat unfair. Until DNSSEC there was no need to standardize behavior at all unless you were using different software flavors to publish your DNS information. Even the zone transfer issue was irrelevant since the semantics of the wildcard were defined in the publishing server.
DNSSEC required there be a single interpretation of a signed wildcard. The advantage of choosing the narrow matching rules was that it was always possible for someone to add in extra records if broader semantics were desired but not possible to take records out if the match was too loose. As you point out in your other messages, DNS does provide support for this particular use case, even though it might not be what we want.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Levine
> Sent: Saturday, June 09, 2007 7:53 AM
> To: [email protected]
> Subject: Re: [ietf-dkim] DNS wildcarding behavior scenarios
>
> >[1] For the RFC lawyers, not of any actual operational value: There are
> >some RFCs that specify some of this behaviour, I believe, in the
> >context of zone transfers rather than DNS queries but those RFCs really
> >just document the behaviour of that one authoritative server, and most
> >people consider them a mistake worth forgetting as far as being a
> >Standard with a capital S is concerned, rather than just documentation
> >of current practice with that one server.
>
> Unfortunately, there seems to be a critical mass of people in
> the DNS part of the IETF that believe otherwise, that the
> only problem with wildcards is that there are servers that
> don't do exactly what BIND does, and the solution is to fix
> them so they do.
>
> R's,
> John
>
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
