Wildcard DNS (pros and cons)

Edward Buck ed at bashware_REMOVEME_.net
Tue Dec 14 05:05:55 UTC 2004


Kevin Darcy wrote:
| Edward Buck wrote:

|>I agree that there's nothing inherently ambiguous about wildcard
|>entries.  But when the wildcard entry is abused and it becomes unclear
|>whether the subdomain in question is valid or not, intended or not, then
|>there is ambiguity.  I pick on wildcards here but it's not just about
|>dns wildcards.  The smtp protocol is full of ambiguity, precipitating
|>the need for sender verification protocols like SPF or DomainKeys.
|
| I think you need to revisit the definition of the term "ambiguity".
| There's nothing "ambiguous" about the source address of a connecting
| SMTP client. What SPF and DomainKeys attempt to address is the
| *authority* of that client to be sending SMTP messages for a specific
| mail domain.

I don't want to argue over semantics because it's silly but:

From dictionary.com:

am·bi·gu·i·ty
1. Doubtfulness or uncertainty as regards interpretation: "leading a
life of alleged moral ambiguity" (Anatole Broyard).
2. Something of doubtful meaning: a poem full of ambiguities.

When there is doubt or uncertainty with regard to sender domains being
valid, it is ambiguous (to me anyway).

I'm not talking about the source address of the connecting smtp client,
which is not ambiguous.  I'm talking about the right-hand side sender
domain of the e-mail.

A more correct term to describe what I'm talking about is
non-repudiation, which by definition leaves no doubt, uncertainty or
ambiguity.

Sorry if my terms don't gel with your vocabulary.

Ed



More information about the bind-users mailing list