Wildcard DNS (pros and cons)

Kevin Darcy kcd at daimlerchrysler.com
Tue Dec 14 23:18:56 UTC 2004


Edward Buck wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Kevin Darcy wrote:
>| Edward Buck wrote:
>
>|>I agree that there's nothing inherently ambiguous about wildcard
>|>entries.  But when the wildcard entry is abused and it becomes unclear
>|>whether the subdomain in question is valid or not, intended or not, th=
en
>|>there is ambiguity.  I pick on wildcards here but it's not just about
>|>dns wildcards.  The smtp protocol is full of ambiguity, precipitating
>|>the need for sender verification protocols like SPF or DomainKeys.
>|
>| I think you need to revisit the definition of the term "ambiguity".
>| There's nothing "ambiguous" about the source address of a connecting
>| SMTP client. What SPF and DomainKeys attempt to address is the
>| *authority* of that client to be sending SMTP messages for a specific
>| mail domain.
>
>I don't want to argue over semantics because it's silly but:
>
>~From dictionary.com:
>
>am=B7bi=B7gu=B7i=B7ty
>1. Doubtfulness or uncertainty as regards interpretation: ?leading a
>life of alleged moral ambiguity? (Anatole Broyard).
>2. Something of doubtful meaning: a poem full of ambiguities.
>
>When there is doubt or uncertainty with regards to sender domains being
>valid, it is ambiguous (to me anyway).
>
>I'm not talking about the source address of the connecting smtp client,
>which is not ambiguous.  I'm talking about the right-hand side sender
>domain of the e-mail.
>
>A more correct term to describe what I'm talking about is
>non-repudiation, which by definition leaves no doubt, uncertainty or
>ambiguity.
>
I would recommend sticking with the more correct term then.

                                                                        =20
                  - Kevin




More information about the bind-users mailing list