Murray,
We have been reorganizing our domain usage, such as creating sub-domains
for particular usages, especially with DKIM and POLICY in mind.
For example, for domain example.com, the following might be signers.
list1.example.com
list2.example.com
dkim.example.com
So in the ASL logic, it supports sub-domain wild cards.
asl=*.example.com
In this case, the ATPS v01 records would be:
IIDVI2YBMIIYPV4TLUQNC7KEVXATJDGE._atps TXT ("v=atps01; d=list1.example.com;")
6IR5HAYLK26EPDXOU2OFB4H3IZQS2HFR._atps TXT ("v=atps01; d=list2.example.com;")
7LL2CJ2APW7WS3B4DWNKS3Q4XYGIBOPZ._atps TXT ("v=atps01; d=dkim.example.com;")
But what if we allow ATPS for a wild card hash?
RRYSFVSSZN56ELIZQ3Y7GCYH7VIQRWOA._atps TXT ("v=atps01; d=*.example.com;")
That way only one record is necessary for all the sub-domains of
example.com.
Do you see any faults with this?
The goal would be to make less of a DNS management and update issue
for domains that add new sub-domain signers perhaps.
The query rule would be:
if the signer-domain is a subdomain of the author-domain, then
check the ATPS record for *.author-domain.
if not found, check the ATPS for the signer-domain.
Besides what looks like "more DNS" lookups, the idea would be good for
a primary domain which has many sub-domain signers.
Could we optimize it with the atps= tag?
atps=ys;
The s character would mean an author-domain sub-domain wild card
record can be checked. Otherwise only 1 record per signer is expected.
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
dkim-dev mailing list
dkim-dev(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-dev
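
The query rule proposed in the message above, sketched as an added example (not code from the original post or from any ATPS implementation). Assumptions: labels are base32 of the SHA-1 of the lowercased domain, the wildcard label hashes the literal string `*.author-domain`, and the function names and the dict standing in for DNS are hypothetical.

```python
import base64
import hashlib

def atps_name(hashed_domain, author):
    # Assumption: label = base32(SHA-1(lowercased domain)), 32 characters.
    digest = hashlib.sha1(hashed_domain.lower().encode("ascii")).digest()
    return base64.b32encode(digest).decode("ascii") + "._atps." + author.lower()

def is_subdomain(signer, author):
    # Match on a label boundary so "evilexample.com" is not under "example.com".
    return signer.lower().endswith("." + author.lower())

def candidates(signer, author, atps_tag):
    """Ordered (query name, expected d= value) pairs under the proposed rule."""
    if "y" not in atps_tag:
        return []
    out = []
    # The "s" flag permits the single wildcard record for the author's sub-domains.
    if "s" in atps_tag and is_subdomain(signer, author):
        wild = "*." + author.lower()
        out.append((atps_name(wild, author), wild))
    # Fallback (or only query when "s" is absent): the per-signer record.
    out.append((atps_name(signer, author), signer.lower()))
    return out

def parse_tags(txt):
    pairs = (item.split("=", 1) for item in txt.split(";") if "=" in item)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def authorize(signer, author, atps_tag, zone):
    """Return (authorized, names queried); zone is a dict standing in for DNS."""
    queried = []
    for name, expected_d in candidates(signer, author, atps_tag):
        queried.append(name)
        tags = parse_tags(zone.get(name, ""))
        # The record must carry the version and the d= value that was hashed.
        if tags.get("v") == "atps01" and tags.get("d") == expected_d:
            return True, queried
    return False, queried

# Constructed zone data: one wildcard record and one third-party signer record.
ZONE = {
    atps_name("*.example.com", "example.com"): "v=atps01; d=*.example.com;",
    atps_name("lists.example.net", "example.com"): "v=atps01; d=lists.example.net;",
}
```

With `atps=ys` a sub-domain signer is resolved by the wildcard record in one query; with `atps=y`, or for a signer that is not under the author domain, only the per-signer record is consulted.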