IETF Logo Mail Archive

[ietf-dkim] New Issue: Use of XPTR records in SSP

Jim Fenton <fenton@cisco.com> Tue, 17 April 2007 06:28 UTC

Return-path: <ietf-dkim-bounces@mipassoc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HdhBN-0007nL-Qy for ietf-dkim-archive@lists.ietf.org; Tue, 17 Apr 2007 02:28:53 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HdhBL-0001dp-Pw for ietf-dkim-archive@lists.ietf.org; Tue, 17 Apr 2007 02:28:53 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id l3H6QdfU003238; Mon, 16 Apr 2007 23:26:57 -0700
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id l3H6OtId002720 for <ietf-dkim@mipassoc.org>; Mon, 16 Apr 2007 23:24:58 -0700
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-6.cisco.com with ESMTP; 16 Apr 2007 23:24:47 -0700
X-IronPort-AV: i="4.14,417,1170662400"; d="scan'208"; a="136680355:sNHT43666983"
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l3H6OlOn006830 for <ietf-dkim@mipassoc.org>; Mon, 16 Apr 2007 23:24:47 -0700
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id l3H6OjMF027454 for <ietf-dkim@mipassoc.org>; Tue, 17 Apr 2007 06:24:47 GMT
Received: from xfe-rtp-202.amer.cisco.com ([64.102.31.21]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 17 Apr 2007 02:24:44 -0400
Received: from [10.71.2.62] ([10.86.242.136]) by xfe-rtp-202.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 17 Apr 2007 02:24:44 -0400
Message-ID: <462415FC.9000807@cisco.com>
Date: Mon, 16 Apr 2007 17:34:04 -0700
From: Jim Fenton <fenton@cisco.com>
User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221)
MIME-Version: 1.0
To: "ietf-dkim@mipassoc.org" <ietf-dkim@mipassoc.org>
X-Enigmail-Version: 0.94.3.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 17 Apr 2007 06:24:44.0612 (UTC) FILETIME=[16F9C040:01C780B9]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1638; t=1176791087; x=1177655087; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fenton@cisco.com; z=From:=20Jim=20Fenton=20<fenton@cisco.com> |Subject:=20New=20Issue=3A=20Use=20of=20XPTR=20records=20in=20SSP |Sender:=20; bh=R7iRpWL6l5cgi6MRSlFvSSVFnTzRWDPckbBrAWcJP2g=; b=uaKavRKBTPTii+TuVux5tHFAaDlHHFo3ehTubDODHnWvXBhRhV4XXaDNZG0259r3FzH2JXWc xTIUVkS8XaGtiHHIr3QbOJze6L47QOXjwP36NwzBGCKH52ipJ3Q5Shaz;
Authentication-Results: sj-dkim-4; header.From=fenton@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
X-Songbird: Clean, Clean
Subject: [ietf-dkim] New Issue: Use of XPTR records in SSP
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.5 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b

This is the first of a few issues that come in trying to rationalize at
least two of the SSP proposals, draft-hallambaker-dkimpolicy-00 and
draft-allman-dkim-ssp.  I'd like to keep the issues separate, because I
think they're largely independent, so please respond in kind if at all
possible.

=====

Phill Hallam-Baker has proposed the publication of a new PTR-like  RR
type, tentatively called XPTR, in order to improve the scalability of
the SSP mechanism to a large number (~1000?) of additional types of
policy in the future.  To look up the signing policy of example.com, the
sequence would be:

1.    Query for XPTR record for example.com.  If result is an NXDOMAIN
error, the domain does not exist.  If result is a NODATA error, either
the policy or the domain does not exist.
2.    Query for [RRtype TBD; separate issue] record for
_dkimpolicy.{result of XPTR query}; policy record is stored at that
location.

Argument Pro:  Supports a potentially very large number of policies, as
might be needed for WS-* (for example) in the future.  Permits a central
point of control and modification for policies relating to different
classes of nodes in the domain.

Argument Con: Requires an additional lookup per query; other types of
policy are out of scope for the WG.

My personal opinion is along the lines of "Argument Con", that it is not
up to the DKIM Working Group to define a fully general policy
mechanism.  There may be good arguments for IETF to charter some work in
this area, but that's a much larger question than this WG and
undoubtedly a much more time-consuming one as well.

-Jim

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

v2.23.0 | Report a Bug | By Email