John Levine:
> >> 2. Advice about wildcards in TXT records.
> >> Proposed change: Add a note in section 6.1.2 warning about the effect
> >> of wildcard TXT records on finding DKIM key records.
>
> Section 3.6.2.1 currently says:
>
> INFORMATIVE OPERATIONAL NOTE: Wildcard DNS records (e.g.,
> *.bar._domainkey.example.com) do not make sense in this context
> and should not be used. Note also that wildcards within domains
> (e.g., s._domainkey.*.example.com) are not supported by the DNS.
>
> That first sentence is just plain wrong. I have been using wildcard
> DNS records of exactly that form for months, and they work fine. I
> put a unique selector on each message, and when I get around to it
> will extract the DNS lookup info to figure out how many people are
> looking at my signatures. This may be morally reprehensible, but it
> does make sense.
>
> I suggest we delete the whole note.

I suggest replacing this with the replacement 6.1.2 text proposed
below, but I would not object to John's proposed changes either.
So that's a +1 from me.

Wietse

> Section 6.1.2 says:
>
> NOTE: The use of wildcard TXT records in the DNS will produce a
> response to a DKIM query that is unlikely to be valid DKIM key
> record. This problem applies to many other types of queries, and
> client software that processes DNS responses needs to take this
> problem into account.
>
> This is only true if the name of the record doesn't include
> _domainkey, so *._domainkey.example.com or
> *.foo._domainkey.example.com is OK, but *.example.com is not. So I
> suggest we rewrite it as:
>
> NOTE: Wildcard TXT records whose names are not in the _domainkey
> subdomain will generally produce a response to a DKIM query that
> is not a valid DKIM key record. This problem applies to many
> other types of queries, and client software that processes DNS
> responses needs to take this problem into account.
>
> Regards,
> John Levine, [email protected], Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
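
Added example, not part of the original messages: a simplified model of RFC 4592 wildcard synthesis plus a DKIM key-record syntax check, showing the case the proposed 6.1.2 note describes (a wildcard outside _domainkey answering a key query) beside a wildcard under _domainkey. The zone data, the placeholder key and all function names are constructed for illustration.

```python
# Added illustration. Zone contents are constructed; lookup is a simplified RFC 4592 model.
SPF = "v=spf1 -all"
KEY = "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="  # constructed placeholder, not a real key

ZONE_BROAD = {"example.com": [SPF], "*.example.com": [SPF]}
ZONE_SCOPED = {**ZONE_BROAD, "*.bar._domainkey.example.com": [KEY]}

def existing_names(zone):
    """Owner names plus the empty non-terminals above them."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        names.update(".".join(labels[i:]) for i in range(len(labels)))
    return names

def lookup_txt(zone, qname):
    """TXT strings for qname, synthesized from a wildcard when the name does not exist."""
    qname = qname.lower().rstrip(".")
    names = existing_names(zone)
    if qname in names:                 # exact name or empty non-terminal: no synthesis
        return zone.get(qname, [])
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in names:          # closest encloser decides which wildcard applies
            return zone.get("*." + encloser, [])
    return []

def parse_key_record(txt):
    """Tag dict if txt has DKIM key-record syntax (p= required, v=DKIM1 first if present)."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name or name in tags:
            return None
        tags[name] = value.strip()
    if "p" not in tags:
        return None
    if "v" in tags and (tags["v"] != "DKIM1" or next(iter(tags)) != "v"):
        return None
    return tags

def dkim_lookup(zone, selector, domain):
    """What a verifier sees for selector._domainkey.domain: one parse result per TXT string."""
    qname = f"{selector}._domainkey.{domain}"
    return [parse_key_record(t) for t in lookup_txt(zone, qname)]
```

With ZONE_BROAD the key query returns the SPF string, which fails the key-record parse; with ZONE_SCOPED any selector under bar._domainkey resolves to the key, and the broad wildcard no longer covers names under _domainkey because that node now exists as an empty non-terminal.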