On Wed, Mar 11, 2009 at 4:33 PM, Mark Delany <[email protected]> wrote:

> On Wed, Mar 11, 2009 at 3:33 PM, Steve Atkins <[email protected]> wrote:
>
>>
>> Did we already look at this idea and discard it before we settled on
>> using a DNS query for every email received?
>
>
> Discussed, not discarded. AFAIR, the general feeling is that lookups are
> cheap today.
>
>
> Essentially such an approach is asking every MX target with more than one
> system to invent some way of distributing the knowledge it discovers on an
> inbound, signed message.
> You also have to invent mechanisms to deal with corner cases and timing
> windows, such as when one MX target receives a "we don't sign all anymore"
> and another MX target for the same domain almost immediately receives an
> unsigned email from that domain. Or what if you use your ISP as a secondary
> MX and the "state changing emails" happened to be queued up there for a
> while?
>
> I also don't see how it changes anything from a functional POV. If ADSP is
> carried in the signature vs carried in a DNS record, it would presumably
> invoke the same level of WG discussion over semantics and purpose.
>
> Given the highly cacheable nature of ADSP information and the fact that
> we're already querying the DNS for key information, it's unclear what the
> big benefit would be in moving this in-band.
>

Outside of DNS query related technical issues, the first
operational repercussion is the loss of handling legacy mail. We need to
use a "standard anchor", something we know will always be there, which as it
is now, is the From: domain lookup.

-- 
hls
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
