Steve Atkins wrote:
>> With respect to an A record, its presence does tell you that the
>> name is valid, but it does not tell you anything about ADSP
>> support. Initially there will be virtually no adoption of ADSP. So
>> what does finding an A record, but no _adsp record, tell you?
>
> It tells you two things. It tells you that the domain owner is aware
> of that hostname, and that they did not choose to publish an _adsp
> record that covers it.

The latter assertion is incorrect. The word "choose" is active. During the likely very long adoption curve, there is no way to know whether they "chose" not to publish adsp or whether they didn't know about it. These have very different semantics, I think.

And this gets to the nub of the matter, I think:

As with DKIM, ADSP tells you something when it is there, but tells you nothing when it isn't.

I think the A record check is trying to pretend that you can learn something when ADSP isn't explicitly present for that domain. But that's only possible if you know that the organization supports ADSP, and you can't.

So, when the _adsp TXT is present, you know everything you need to know. When it isn't, you do not know anything about the organization's practices, including not knowing whether it has any. Really.

> If a desired functionality is for a domain owner to be able to assert
> policy over all hostnames within their domain by publishing a finite
> number of _adsp records, then you need an additional step in the
> process.

The one-level hierarchy trick is the best you can do. This effort to use the A record is overloading its semantics and you can't tell whether the domain owner intends the second meaning.

(BTW, I am being sloppy about referring to A, since I mean A, MX, or anything other than an _adsp TXT.)

> As there will never be a legitimate use of a hostname that may be
> checked for an _adsp record that doesn't have any DNS record
> corresponding to it[3], asserting an ADSP fail for any case where
> there is not a corresponding record in DNS will not cause any
> unintended failures,

My point is that the A, MX, whatever record doesn't add any ADSP-related information. It is an extra DNS query that provides no ADSP information.

d/

ps. I'm using 'ADSP' since it looks like it has rough consensus, not because I'm part of that consensus, which I am...

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
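
The two lookup procedures argued over in this message, modelled side by side over an in-memory zone. This is an added example, not part of the original message or of any ADSP draft. The zone data, the function names, the result labels `no-information` and `fail-nonexistent`, and the `_adsp._domainkey.` owner-name prefix (the form later published in RFC 5617) are assumptions made for illustration.

```python
# Constructed zone data: every name and record below is made up.
ZONE = {
    "mail.example.com": {"A": ["192.0.2.10"]},
    "_adsp._domainkey.mail.example.com": {"TXT": ["dkim=all"]},
    "www.example.com": {"A": ["192.0.2.20"]},  # exists, but no _adsp record
    # "bogus.example.com" has no records of any type
}


def name_exists(zone, name):
    """True if the name has any record at all (A, MX, ...)."""
    return bool(zone.get(name))


def adsp_record(zone, name):
    """Return the published dkim= value for name, or None if there is no _adsp TXT."""
    for txt in zone.get("_adsp._domainkey." + name, {}).get("TXT", []):
        tags = {}
        for part in txt.split(";"):
            key, sep, value = part.partition("=")
            if sep:
                tags[key.strip()] = value.strip()
        if "dkim" in tags:
            return tags["dkim"]
    return None


def evaluate(zone, name, check_existence):
    """Evaluate one author domain.

    check_existence=False: only the _adsp TXT is consulted.
    check_existence=True:  a name with no DNS record at all is also failed.
    """
    policy = adsp_record(zone, name)
    if policy is not None:
        return policy                      # an explicit statement was published
    if check_existence and not name_exists(zone, name):
        return "fail-nonexistent"          # label assumed for this example
    return "no-information"                # label assumed for this example


def compare(zone, names):
    """Map each name to (result without existence check, result with it)."""
    return {n: (evaluate(zone, n, False), evaluate(zone, n, True)) for n in names}


if __name__ == "__main__":
    for name, results in compare(
        ZONE, ["mail.example.com", "www.example.com", "bogus.example.com"]
    ).items():
        print(name, results)
```

The name that exists but publishes no `_adsp` record gets the same result from both variants; the two differ only for the name that has no DNS record at all.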
