On 24/Jan/12 22:34, Murray S. Kucherawy wrote:
>> From: John Levine
>>
>> The next question has to be: if you have an external source telling
>> whose signatures to report, why wouldn't that source also tell you
>> where to send the reports and how many to send?
>
> Wait, isn't that what I had in the last version, where the
> reporting address was in the key record in the DNS?

Not exactly, John suggests a separate record like:

   _report._domainkey.blackops.org TXT "r=sendreportshere"

Scott notes this solution allows notification of missing or misspelled
selectors. So, as long as the ADMD doesn't change both records
simultaneously, this way provides for more stable reporting than
otherwise. In addition:

* "_report" is not a valid selector, so there's no conflict, and

* for a range of [report data] X [key data] sizes, this solution may
  allow using UDP rather than TCP.

For the consistency problem, and also in order to avoid redefining
report modalities at every turn, I make an appeal to treat them all
together, in reporting-discovery.
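
The difference between the two layouts discussed in this message, as an added example that is not part of the original post or of any draft: it compares where a verifier finds the reporting address when a signature cites a misspelled selector. The zone contents, the selector names "s2012"/"s2021", the key value and the helper names are constructed, and the "tag=value;" syntax of the report record is assumed to follow DKIM key records.

```python
import re

# Constructed zone data (not real records). Only selector "s2012" is published.
SPLIT_ZONE = {
    "s2012._domainkey.blackops.org": "v=DKIM1; p=CONSTRUCTEDKEY",
    "_report._domainkey.blackops.org": "r=sendreportshere",
}
# Earlier layout mentioned in the quoted text: r= inside the key record.
COMBINED_ZONE = {
    "s2012._domainkey.blackops.org": "v=DKIM1; p=CONSTRUCTEDKEY; r=sendreportshere",
}

# Selector labels are letters, digits and hyphens (RFC 5321 sub-domain),
# so a label starting with "_" can never collide with a real selector.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
SELECTOR_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*\Z")

def is_valid_selector(selector):
    return bool(SELECTOR_RE.match(selector))

def parse_tags(txt):
    """Parse 'tag=value; tag=value' into a dict (DKIM-style syntax, assumed)."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {name.strip(): value.strip() for name, value in pairs}

def lookup_txt(name, zone):
    """Stand-in for a DNS TXT query; None models a missing record."""
    return zone.get(name.lower().rstrip("."))

def report_target_split(selector, domain, zone):
    """Separate-record layout: the address is found whatever the selector is."""
    txt = lookup_txt(f"_report._domainkey.{domain}", zone)
    return parse_tags(txt).get("r") if txt else None

def report_target_combined(selector, domain, zone):
    """Key-record layout: a missing or misspelled selector yields no address."""
    txt = lookup_txt(f"{selector}._domainkey.{domain}", zone)
    return parse_tags(txt).get("r") if txt else None

if __name__ == "__main__":
    for sel in ("s2012", "s2021"):  # second one is a misspelled selector
        print(sel, report_target_split(sel, "blackops.org", SPLIT_ZONE),
              report_target_combined(sel, "blackops.org", COMBINED_ZONE))
```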
