Re: tree walking (was - Re: [ietf-dkim] user level ssp)
Jim Fenton <fenton@cisco.com> Thu, 07 September 2006 22:40 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GLSXx-0007bD-8d for ietf-dkim-archive@lists.ietf.org; Thu, 07 Sep 2006 18:40:33 -0400
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GLSXu-00023X-QO for ietf-dkim-archive@lists.ietf.org; Thu, 07 Sep 2006 18:40:33 -0400
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k87McaHT010778; Thu, 7 Sep 2006 15:38:37 -0700
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id k87McWVc010760 for <ietf-dkim@mipassoc.org>; Thu, 7 Sep 2006 15:38:32 -0700
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-5.cisco.com with ESMTP; 07 Sep 2006 15:36:17 -0700
X-IronPort-AV: i="4.08,227,1154934000"; d="scan'208"; a="318863971:sNHT5535622758"
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-2.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k87MaHN3011335; Thu, 7 Sep 2006 15:36:17 -0700
Received: from imail.cisco.com (sjc12-sbr-sw3-3f5.cisco.com [172.19.96.182]) by sj-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id k87MaHQV003291; Thu, 7 Sep 2006 15:36:17 -0700 (PDT)
Received: from [171.71.97.128] (dhcp-171-71-97-128.cisco.com [171.71.97.128]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id k87MQmOr001516; Thu, 7 Sep 2006 15:26:48 -0700
Message-ID: <45009EE1.1040700@cisco.com>
Date: Thu, 07 Sep 2006 15:36:17 -0700
From: Jim Fenton <fenton@cisco.com>
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
MIME-Version: 1.0
To: "william(at)elan.net" <william@elan.net>
Subject: Re: tree walking (was - Re: [ietf-dkim] user level ssp)
References: <198A730C2044DE4A96749D13E167AD37D3F5E3@MOU1WNEXMB04.vcorp.ad.vrsn.com> <44FF33E6.5030004@yahoo-inc.com> <44FF4F3E.3000405@cisco.com> <Pine.LNX.4.62.0609061555520.32111@sokol.elan.net> <44FF5698.30804@cisco.com> <Pine.LNX.4.62.0609071240180.4395@sokol.elan.net>
In-Reply-To: <Pine.LNX.4.62.0609071240180.4395@sokol.elan.net>
X-Enigmail-Version: 0.93.2.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Authentication-Results: sj-dkim-2.cisco.com; header.From=fenton@cisco.com; dkim=pass ( sig from cisco.com verified; );
DKIM-Signature: a=rsa-sha1; q=dns; l=1976; t=1157668577; x=1158532577; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fenton@cisco.com; z=From:Jim=20Fenton=20<fenton@cisco.com> |Subject:Re=3A=20tree=20walking=20(was=20-=20Re=3A=20[ietf-dkim]=20user=20level=2 0ssp); X=v=3Dcisco.com=3B=20h=3Dm85C1chOLmZoPZqwzWc4DJ5o9+U=3D; b=MNsx81TkBsgiw5ZuxHeIdMOkJsRcUeHyoAABzexcKF/zTwyBxxy5ew+h/FqczQoFjdQ2/InD YsGPI3BISwBupusKbZu6KU2R36jV0Yt2/ymWa0V+B1OyAoErPi/QHHmU;
X-Songbird: Clean, Clean
Cc: IETF-DKIM <ietf-dkim@mipassoc.org>
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
william(at)elan.net wrote: > > On Wed, 6 Sep 2006, Jim Fenton wrote: > >> The tree-walking issue (separate from the user-level SSP) issue has >> concerned me too. The allman-dkim-ssp-02 draft has it down to 2 queries >> -- much improved from the previous revision, in part because of the use >> of a separate RR. > > Are you sure there is a limit? I distinctly remember a paragraph from > your draft that says that in case of NODATA the verifier needs to > walk down the tree until it reaches root. Check draft-allman-dkim-ssp-02; the algorithm has changed substantially in this revision. > > Also while I think separate RR is right way to go, I have to note > that since you want to already use TXT for public key, you might > as well (ab)use it for these policy records too - otherwise you'd > cause difference in adoption rates for those wanting to use > signatures and those who want to use policy, making using police. > And personally I think public key is the one that a lot more > belongs into being separate RR (binary CERT preferably) though > in reality you should just avoid putting large public key records > in dns all together as it brings further abuse and problems for > caching name servers that can be avoided otherwise. Of course the use of a separate RR will require (probably lots of) further discussion, but I see the considerations relative to the IAB DNS considerations draft (draft-iab-dns-choices-03) as being rather different. In the case of key records, we know exactly where to look using the selector and domain name, and the record is either there or it isn't. The use of a prefix doesn't hinder that at all. In the case of SSP, you can do the same thing with TXT records and a prefix, but it requires additional queries to distinguish the nonexistent domain case from the nonexistent policy record case. That is an argument in favor of use of a separate RR, but we'll see what the consensus is. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- Re: [ietf-dkim] user level ssp Damon
- [ietf-dkim] user level ssp Michael Thomas
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp J.D. Falk
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp J.D. Falk
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp Jim Fenton
- Re: [ietf-dkim] user level ssp Douglas Otis
- tree walking (was - Re: [ietf-dkim] user level ss… william(at)elan.net
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: tree walking (was - Re: [ietf-dkim] user leve… Jim Fenton
- Re: tree walking (was - Re: [ietf-dkim] user leve… Douglas Otis
- Re: [ietf-dkim] user level ssp Thomas A. Fine
- Re: [ietf-dkim] user level ssp Wietse Venema
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp John Levine
- Re: [ietf-dkim] user level ssp Wietse Venema
- Re: [ietf-dkim] user level ssp Douglas Otis
- RE: [ietf-dkim] user level ssp Bill.Oxley
- Re: [ietf-dkim] user level ssp Wietse Venema
- Re: [ietf-dkim] user level ssp Douglas Otis
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp Wietse Venema
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp Thomas A. Fine
- Re: [ietf-dkim] user level ssp Wietse Venema
- RE: [ietf-dkim] user level ssp Bill.Oxley
- Re: [ietf-dkim] user level ssp Douglas Otis
- RE: [ietf-dkim] user level ssp Thomas A. Fine
- Re: [ietf-dkim] user level ssp Dave Crocker
- Re: [ietf-dkim] user level ssp Michael Thomas
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp Michael Thomas
- Re: [ietf-dkim] user level ssp Dave Crocker
- Re: [ietf-dkim] user level ssp Jim Fenton
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp John L
- Re: [ietf-dkim] user level ssp Jim Fenton
- Re: [ietf-dkim] user level ssp Douglas Otis
- RE: [ietf-dkim] user level ssp Bill.Oxley
- Re: [ietf-dkim] user level ssp Michael Thomas
- Re: [ietf-dkim] user level ssp Thomas A. Fine
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp (let me review) Thomas A. Fine
- RE: [ietf-dkim] user level ssp Arvel Hathcock
- Re: [ietf-dkim] user level ssp John Levine
- Re: [ietf-dkim] user level ssp Douglas Otis
- [ietf-dkim] Re: user level ssp Frank Ellermann
- Re: [ietf-dkim] user level ssp Jon Callas
- Re: [ietf-dkim] user level ssp Thomas A. Fine
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp Douglas Otis
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp Steve Atkins
- Re: tree walking (was - Re: [ietf-dkim] user leve… william(at)elan.net
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- RE: [ietf-dkim] user level ssp Thomas A. Fine
- Re: [ietf-dkim] user level ssp Steve Atkins
- [ietf-dkim] Re: user level ssp Frank Ellermann
- Re: [ietf-dkim] user level ssp John Levine
- Self-assertion of...well, anything at all (was Re… J.D. Falk
- Re: [ietf-dkim] Re: user level ssp J.D. Falk
- Re: [ietf-dkim] user level ssp Thomas A. Fine
- RE: [ietf-dkim] user level ssp Hallam-Baker, Phillip
- Re: [ietf-dkim] user level ssp (let me review) Douglas Otis
- Re: tree walking (was - Re: [ietf-dkim] user leve… Jim Fenton
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp Scott Kitterman
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] The basic problem with SSP John Levine
- Re: [ietf-dkim] The basic problem with SSP Dave Crocker
- Re: [ietf-dkim] The basic problem with SSP Douglas Otis
- Re: [ietf-dkim] The basic problem with SSP Damon
- [ietf-dkim] SSP = FAILURE DETECTION Hector Santos
- Re: [ietf-dkim] SSP = FAILURE DETECTION Steve Atkins
- Re: [ietf-dkim] SSP = FAILURE DETECTION Douglas Otis
- Re: [ietf-dkim] The basic problem with SSP Scott Kitterman
- Re: [ietf-dkim] SSP = FAILURE DETECTION Wietse Venema
- Re: [ietf-dkim] SSP = FAILURE DETECTION Hector Santos
- [ietf-dkim] Sign it all, publish the policy, and … Thomas A. Fine
- Re: [ietf-dkim] SSP = FAILURE DETECTION Hector Santos
- Re: [ietf-dkim] SSP = FAILURE DETECTION Dave Crocker
- Re: [ietf-dkim] SSP = FAILURE DETECTION Hector Santos
- Re: [ietf-dkim] SSP = FAILURE DETECTION Douglas Otis
- Re: [ietf-dkim] user level ssp wayne
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp Wietse Venema
- RE: [ietf-dkim] SSP = FAILURE DETECTION Bill.Oxley
- Re: [ietf-dkim] user level ssp wayne
- Re: [ietf-dkim] user level ssp wayne
- Re: [ietf-dkim] user level ssp Dave Crocker
- Re: [ietf-dkim] user level ssp Wietse Venema
- Re: [ietf-dkim] user level ssp John Levine
- Re: [ietf-dkim] user level ssp wayne
- Re: [ietf-dkim] user level ssp Michael Thomas
- Re: [ietf-dkim] user level ssp Scott Kitterman
- Re: [ietf-dkim] user level ssp Thomas A. Fine
- Re: [ietf-dkim] we don't know what SSP means John Levine
- Re: [ietf-dkim] we don't know what SSP means Stephen Farrell
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] we don't know what SSP means Dave Crocker
- Re: [ietf-dkim] we don't know what SSP means Michael Thomas
- Re: [ietf-dkim] user level ssp Hector Santos
- Re: [ietf-dkim] we don't know what SSP means Stephen Farrell
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp Hector Santos
- [ietf-dkim] SSP Policies and SSP-02 Comments Hector Santos
- Re: [ietf-dkim] user level ssp Douglas Otis
- Re: [ietf-dkim] user level ssp Thomas A. Fine
- Re: [ietf-dkim] we don't know what SSP means Jim Fenton
- Re: [ietf-dkim] SSP = FAILURE DETECTION J.D. Falk
- Re: [ietf-dkim] SSP = FAILURE DETECTION Hector Santos
- accept, deny, or other delivery decisions (was Re… J.D. Falk
- Re: accept, deny, or other delivery decisions (wa… Hector Santos
- Re: accept, deny, or other delivery decisions (wa… Douglas Otis
- Re: accept, deny, or other delivery decisions (wa… John Levine
- Re: accept, deny, or other delivery decisions (wa… Hector Santos
- Re: accept, deny, or other delivery decisions (wa… J.D. Falk
- Re: accept, deny, or other delivery decisions (wa… Douglas Otis
- [ietf-dkim] Relaxed always (was: user level ssp) Frank Ellermann
- Re: accept, deny, or other delivery decisions (wa… Hector Santos
- Re: accept, deny, or other delivery decisions (wa… Hector Santos
- [ietf-dkim] Reputation vs SSP Hector Santos
- Re: accept, deny, or other delivery decisions (wa… Steve Atkins
- Re: accept, deny, or other delivery decisions (wa… Scott Kitterman
- Re: accept, deny, or other delivery decisions (wa… Scott Kitterman
- [ietf-dkim] Using Reputation with DKIM-BASE - Its… Hector Santos
- [ietf-dkim] Re: SSP = FAILURE DETECTION Frank Ellermann
- Re: accept, deny, or other delivery decisions (wa… Steve Atkins
- [ietf-dkim] Re: SSP = FAILURE DETECTION Frank Ellermann
- Re: [ietf-dkim] Re: SSP = FAILURE DETECTION Steve Atkins
- [ietf-dkim] Re: SSP = FAILURE DETECTION Frank Ellermann
- Re: accept, deny, or other delivery decisions (wa… Douglas Otis
- Re: accept, deny, or other delivery decisions (wa… J.D. Falk
- Re: accept, deny, or other delivery decisions (wa… Hector Santos
- Re: accept, deny, or other delivery decisions (wa… Douglas Otis
- Re: accept, deny, or other delivery decisions (wa… Hector Santos
- Re: accept, deny, or other delivery decisions (wa… Douglas Otis
- Re: accept, deny, or other delivery decisions (wa… J.D. Falk
- [ietf-dkim] Wait and See? Douglas Otis