Jim Fenton:
> Dave Crocker wrote:
> > J D Falk wrote:
> >
> >> Wietse wrote:
> >>
> >>> How would a receiver discover the top-level domain given example.com,
> >>> example.ac.uk, example.org.au, etc.?
> >>>
> >> The same way we do now: annoying, manually maintained case statements.
> >>
> >
> >
> > This relies on a resource that is not specified in the document, is not
> > publicly standardized, and changes.
> >
> > Not such a good thing.
> >
>
> Exactly what terrible outcome does this produce if this is done wrong?
> It's unlikely that com, ac.uk, or org.au are going to publish ADSP
> records. So there is an unnecessary query to the parent, which is
> probably cached anyway (15 minutes for com, 1 day for ac.uk).
Jim,
You deleted the context of the original question: a mechanism that
allows organizations to advertise a policy in one place that applies
to their entire DNS tree.
In the absence of a solid algorithm that determines the top of an
arbitrary organization's DNS tree, verifiers will have to walk up
the entire DNS tree from the bottom.
Thus, ADSP becomes a tool that can be mis-used for trivial
amplification attacks by sending rfc2822.from addresses with many
domain levels. That is not a good thing for a protocol that attempts
to improve security. The prime directive should be "do no harm".
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html