On Wed, 6 Sep 2006, Hallam-Baker, Phillip wrote:
If we do have per user policy I think that it needs to be defined in
such a way that it is clear that it is an extension. So for example if
DKIM is the tag describing the domain based DKIM and USER is the per
user version of the policy language we would in my scheme have a master
policy record of the form:
_policy._SMTP_OUT.example.com TXT "policy.smtp_out USER"
alice._policy._SMTP_OUT.example.com TXT "policy.smtp_out DKIM"
keith._policy._SMTP_OUT.example.com TXT "policy.smtp_out"
It is not SMTP_OUT policy, as the signature is for the DATA part and
SMTP implies envelope-level identity. However, I'm for having
identity as part of the policy DNS record locator syntax, something like:
alice._from._email_policy.example.com
The above, though, is a minor tweak. One thing I do want to point out is
that in case the user email address (alice(_at_)example(_dot_)com) is present in the
signature, a DNS request can immediately be made to:
alice._from._email_policy.example.com
If the DNS provider is smart, they'd have a general record:
*._from._email_policy.example.com IN TXT ...
and if alice had a specific record then
alice._from._email_policy.example.com IN TXT ...
This does remind me of an idea I mentioned long ago (ASRG or MARID?):
basically, require the domain-wide non-user record to be in
*._from._email_policy
rather than just
_from._email_policy
This means everyone has to kind-of use wildcards (kind-of because if the
user address is not mentioned in the signature then the DNS lookup will be
done directly to "*"), but it avoids an extra DNS record for the wildcard
and non-wildcard entries and avoids extra user DNS lookups, since all
user-level lookups would then succeed.
---
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
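The lookup scheme discussed in the message above, modelled as an added example (not code from the thread or from any DKIM implementation): a verifier builds the policy name from the identity in a signature, resolves it against a toy zone held in a dict with simplified RFC 1034 wildcard matching, and falls back to the plain domain-level name only when the user-level query returns nothing. The two zone layouts, the record contents, and the helper names (policy_name, dns_lookup_txt, resolve_policy) are all constructed for illustration; the "_from._email_policy" label is the one proposed in the message.

```python
"""Model of per-user policy lookup with a wildcard domain-wide record.

Constructed example. The zones below are dicts standing in for DNS;
record values are placeholders, not a real policy syntax.
"""

POLICY_SUFFIX = "_from._email_policy"

# Layout proposed in the message: the domain-wide record lives under "*",
# so every user-level query succeeds in a single lookup.
WILDCARD_ZONE = {
    "*._from._email_policy.example.com": "policy=domain-default",
    "alice._from._email_policy.example.com": "policy=alice-specific",
}

# Conventional layout: a plain domain-level record and no wildcard, so a
# user-level query for an unlisted user misses and needs a second lookup.
PLAIN_ZONE = {
    "_from._email_policy.example.com": "policy=domain-default",
}


def policy_name(domain, local_part=None):
    """Owner name to query for a signing identity.

    With no local part in the signature the query goes straight to the
    wildcard owner name, as the message describes ("directly to '*'").
    """
    label = local_part if local_part else "*"
    return f"{label}.{POLICY_SUFFIX}.{domain}".lower()


def dns_lookup_txt(zone, qname):
    """Simplified resolver: exact owner name first, then the wildcard.

    Wildcard rules are reduced to the single-label case used here: the
    wildcard at the parent applies only if qname does not exist, and a
    name with children (an empty non-terminal) counts as existing, so it
    never matches the wildcard. A literal "*" query matches only an
    explicit "*" owner name.
    """
    qname = qname.lower()
    if qname in zone:
        return zone[qname]
    first, _, parent = qname.partition(".")
    if first == "*":
        return None
    if any(name.endswith("." + qname) for name in zone):
        return None  # qname exists as an empty non-terminal
    return zone.get("*." + parent)


def resolve_policy(zone, identity):
    """Return (record, names_queried) for 'user@domain' or 'domain'.

    The user-level name is tried first; the plain domain-level name is
    queried only if that misses and a user was present, which is the
    extra lookup the wildcard layout is meant to avoid.
    """
    local, _, domain = identity.rpartition("@")
    queries = [policy_name(domain, local or None)]
    record = dns_lookup_txt(zone, queries[0])
    if record is None and local:
        queries.append(f"{POLICY_SUFFIX}.{domain}".lower())
        record = dns_lookup_txt(zone, queries[-1])
    return record, queries


if __name__ == "__main__":
    for zone_name, zone in (("wildcard", WILDCARD_ZONE), ("plain", PLAIN_ZONE)):
        for ident in ("alice@example.com", "bob@example.com", "example.com"):
            rec, qs = resolve_policy(zone, ident)
            print(f"{zone_name:8} {ident:18} -> {rec!s:22} ({len(qs)} lookup(s))")
```

The specific record for alice shadows the wildcard because the exact owner name is checked first, and an unlisted user such as bob is answered by the wildcard in one query under the wildcard layout but needs two under the plain layout.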
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html