On 30/Jan/12 05:59, Scott Kitterman wrote:
> On Sunday, January 29, 2012 08:42:18 PM Murray S. Kucherawy wrote:
>>> From: ietf.org On Behalf Of Scott Kitterman
>>
>>> I think the key is that the information about where reports need to go
>>> needs to be found in DNS, not in the message, so if one takes the
>>> signing domain and looks up the record there, it will give you the
>>> localpart to go with that domain. The r= flag you propose would (AIUI)
>>> be the trigger to do the DNS lookup to see if there's a DNS record
>>> asking for reports.
>>>
>>> Is along the lines of what you intend?
>>
>> Specifically in the signer's DNS, but yes, that's right.
>
> Sounds good. Thanks,

+1: doing so is more consistent with the generic idea that "domain claims some responsibility", and with the indication given in marf-as.

However, flag-triggered lookups leave report requests to the signer's mercies. If this message had a forged ietf.org's signature, there is no way they can say they'd like to know about it. Perhaps, it's fair to say the verifier MAY look up the _report RR anyway --which it would tend to do if it remembers r= from signatures it saw earlier.
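
The lookup policy discussed in this thread, sketched as an added example that is not part of the original messages or of any participant's code. Assumptions: the record name `_report._domainkey.<d= domain>` and the `ra=` local-part tag follow the later published RFC 6651; the function names, the in-memory zone and the sample signatures are constructed, and quoted-printable decoding of `ra=` is omitted.

```python
def parse_tags(value):
    """Parse a 'tag=value; tag=value' list (DKIM signature or report record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags


def report_address(sig_header, verified, lookup_txt, seen_r, lookup_without_flag=False):
    """Return the address to report a failed signature to, or None.

    lookup_txt: callable(name) -> TXT string or None (stand-in for a DNS query).
    seen_r: set of d= domains whose earlier *verified* signatures carried r=y.
    lookup_without_flag: the "MAY look up anyway" behaviour from the thread.
    """
    sig = parse_tags(sig_header)
    domain = sig.get("d", "").lower()
    if not domain:
        return None
    flagged = sig.get("r") == "y"
    if verified:
        if flagged:
            seen_r.add(domain)  # remember r= only from signatures that verified
        return None             # nothing failed, nothing to report
    if not (flagged or (lookup_without_flag and domain in seen_r)):
        return None             # strict policy: no flag, no DNS query
    record = lookup_txt("_report._domainkey." + domain)  # name per RFC 6651 (assumption)
    localpart = parse_tags(record).get("ra") if record else None
    # The local part comes from DNS and the domain from d=, never from the message.
    return f"{localpart}@{domain}" if localpart else None


# Constructed sample data: one report record and two signature headers.
ZONE = {"_report._domainkey.example.org": "ra=dkim-errors"}
GENUINE = "v=1; a=rsa-sha256; d=example.org; s=sel; r=y; bh=AAAA; b=BBBB"
NO_FLAG = "v=1; a=rsa-sha256; d=example.org; s=sel; bh=AAAA; b=CCCC"  # fails, lacks r=


def demo():
    seen = set()
    first = report_address(NO_FLAG, False, ZONE.get, seen)   # no flag, no memory yet
    report_address(GENUINE, True, ZONE.get, seen)             # verified mail teaches r=
    strict = report_address(NO_FLAG, False, ZONE.get, seen)
    relaxed = report_address(NO_FLAG, False, ZONE.get, seen, lookup_without_flag=True)
    return [first, strict, relaxed]
```

With the strict flag-triggered policy the failing signature without `r=` never causes a lookup; only the relaxed policy, combined with memory of earlier verified signatures, reaches the domain's report address.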
