Wildcard DNS (pros and cons)
Kevin Darcy
kcd at daimlerchrysler.com
Tue Dec 14 23:18:56 UTC 2004
Edward Buck wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Kevin Darcy wrote:
>| Edward Buck wrote:
>
>|>I agree that there's nothing inherently ambiguous about wildcard
>|>entries. But when the wildcard entry is abused and it becomes unclear
>|>whether the subdomain in question is valid or not, intended or not, th=
en
>|>there is ambiguity. I pick on wildcards here but it's not just about
>|>dns wildcards. The smtp protocol is full of ambiguity, precipitating
>|>the need for sender verification protocols like SPF or DomainKeys.
>|
>| I think you need to revisit the definition of the term "ambiguity".
>| There's nothing "ambiguous" about the source address of a connecting
>| SMTP client. What SPF and DomainKeys attempt to address is the
>| *authority* of that client to be sending SMTP messages for a specific
>| mail domain.
>
>I don't want to argue over semantics because it's silly but:
>
>~From dictionary.com:
>
>am=B7bi=B7gu=B7i=B7ty
>1. Doubtfulness or uncertainty as regards interpretation: ?leading a
>life of alleged moral ambiguity? (Anatole Broyard).
>2. Something of doubtful meaning: a poem full of ambiguities.
>
>When there is doubt or uncertainty with regards to sender domains being
>valid, it is ambiguous (to me anyway).
>
>I'm not talking about the source address of the connecting smtp client,
>which is not ambiguous. I'm talking about the right-hand side sender
>domain of the e-mail.
>
>A more correct term to describe what I'm talking about is
>non-repudiation, which by definition leaves no doubt, uncertainty or
>ambiguity.
>
I would recommend sticking with the more correct term then.
=20
- Kevin
More information about the bind-users
mailing list