On 3/10/2011 5:26 PM, John R. Levine wrote: >> <t >> hangText="NOTE:"> The use of a wildcard TXT record >> that covers a queried DKIM domain name will produce a >> response to a DKIM query that is unlikely to be valid >> DKIM key record. This problem is not specific to DKIM >> and applies to many other types of queries. Client >> software that processes DNS responses needs to take >> this problem into account.</t> >> >> But note that the final sentence is meaningless, since it provides no >> guidance >> about what it means to "take this problem into account". And the answer isn't >> obvious. For example, I have no idea what a DKIM implementer should do to >> satisfy this caution. > > Not only is it confusing, it's wrong. Wildcard records work just fine when the > wildcard is below the _domainkey label, e.g. *.foo._domainkey.example. They > work > less fine in other cases.
The modified text I offered is intended to handle several coverage problems with the original text, including the one you cite. Are you suggesting that it does not succeed? If so, what text do you instead suggest? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
