Mark Delany wrote:
On Fri, Jul 28, 2006 at 08:01:18AM -0700, Michael Thomas allegedly wrote:
Hector Santos wrote:
One initial and obvious design consideration is length limit related. One
reviewer did suggest some 'include' concept or protocol to access large
list.
I'd venture to say that "include" ala SPF is a specific NON-REQUIREMENT,
as it violates the requirement that the query operation provide a
deterministic number of queries for discovery/fetching.
+1
I see very marginal benefit to that sort of indirection and a very
large cost in operational complexity and test cases.
Besides which, inheriting topology might be a common convenience that
justifies complexity in an IP based model, but inheriting policy seems
a much less likely and thus less compelling reason in a domain based
model.
What occurs to me is that _any_ form of redirection -- even if it were
limited to one entry -- could lead to looping, which definitely violates
the deterministic property. That is:
a.com: "signed-by=b.com;"
b.com: "signed-by=a.com;"
This is one of the many things that are possible and problematic with
SPF. If we include any of this at all, it seems to me that the depth of
indirection should be hard coded to, say, 1.
Perhaps a better mechanism is to just completely disallow jumps from
one domain namespace to another, ie that any indirection must take place
in the subtree of the consulted domain, and that it's just, say, an n stage
process instead of a potential loop.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
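
The two constraints discussed in this message, sketched as an added example (not code from the thread or from any DKIM specification): a resolver that follows the thread's `signed-by=` redirection with a hard-coded depth of 1 and, optionally, only within the subtree of the consulted domain. The in-memory table stands in for DNS lookups; the `.example` names, the `signing=all;` tag and all function names are assumptions made for illustration.

```python
# Constructed policy records standing in for DNS TXT lookups (not real data).
POLICIES = {
    "a.com": "signed-by=b.com;",              # the loop from the message
    "b.com": "signed-by=a.com;",
    "c.example": "signed-by=_policy.c.example;",
    "_policy.c.example": "signing=all;",      # hypothetical terminal policy
    "d.example": "signed-by=other.example;",  # jump to another namespace
    "other.example": "signing=all;",
}

MAX_DEPTH = 1  # hard-coded indirection depth, as proposed in the thread


class PolicyError(Exception):
    pass


def redirect_target(record):
    """Return the domain named by a signed-by= tag, or None if absent."""
    for tag in record.split(";"):
        name, _, value = tag.strip().partition("=")
        if name == "signed-by" and value:
            return value.lower().rstrip(".")
    return None


def in_subtree(child, parent):
    return child == parent or child.endswith("." + parent)


def resolve(domain, lookup=POLICIES.get, max_depth=MAX_DEPTH, same_tree=True):
    """Follow at most max_depth redirects; return (record, query_count)."""
    origin = domain.lower().rstrip(".")
    current, queries = origin, 0
    for _ in range(max_depth + 1):  # never more than max_depth + 1 queries
        record = lookup(current)
        queries += 1
        if record is None:
            raise PolicyError(f"no policy at {current}")
        target = redirect_target(record)
        if target is None:
            return record, queries
        if same_tree and not in_subtree(target, origin):
            raise PolicyError(f"{current} redirects outside {origin}: {target}")
        current = target
    raise PolicyError(f"more than {max_depth} redirect(s) from {origin}")
```

With the depth cap alone, the a.com/b.com loop ends after exactly two queries; with the subtree rule enabled it is rejected after one.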