On Mar 11, 2008, at 11:16 AM, Dave Crocker wrote:
> Again, to repeat what I said at the mic:
>
> The current, 3-step procedure is certainly an improvement, however I
> do not
> understand the need for the second step, in terms of ASP
> functionality.
>
> In any early discussion of this, I believe Jim said he thought it
> was a
> carry-over from an earlier version of the spec where the need was
> more clear.
>
> In any event, I think the current question is: What is it about ASP
> -- as
> opposed to concerns outside of ASP's scope -- that requires checking
> for domain
> existence?
Avoiding domain tree walking compatible with wildcards w/o depending
on wildcards.
a) MX mandate in conjunction with DKIM Policy
- an empty TXT records can disavow DKIM/SMTP.
- empty TXT records compatible with wildcard TXT records used by
other protocols.
- empty wildcard TXT records compatible with TXT records used by
other protocols.
- consumes smallest amount of DNS cache.
- improves positive caching rates.
- provides much stronger domain protection.
- becomes much simpler when MX is required by SMTP.
b) domain tree walk-up
- results indeterminate when wildcards are in use.
- exposes parent domains to a high volume of transactions
dependent upon negative
caching.
- imposes expectation of policy to override possible parent
domain assertions.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
