ietf-dkim

RE: [ietf-dkim] user level ssp

2006-09-07 10:46:17
It would be a big problem because the advice that we have been giving the banks 
at the Anti-phishing working group for the past three years has been to use one 
domain exclusively for all their mail.


I don't know whether we need user level policy or not. What I do know is that 
we can construct a situation where the domain record is the master record and 
the per-user policy is only consulted if the domain lookup fails and so we 
don't have to make a decision now.

I suggest we consider support for per user policy at the architectural level 
but leave it out of the core policy spec in the first instance.

 

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John L
Sent: Thursday, September 07, 2006 12:23 PM
To: Michael Thomas
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] user level ssp

heard of is more aimed at securing things like
statements(_at_)bigbank(_dot_)com without having to say "I sign everything"
for the entire domain which is assumedly a lot harder. The thing about this
is that you can alternately set up a record for
statements(_at_)accounts(_dot_)bigbank(_dot_)com or somesuch which would work
the same way.
I've heard it expressed that that is problematic for some people, but
I frankly don't remember why at this point.

I think it's a problem for banks that signed up for the $2.99/mo DNS
hosting service and can't afford to switch to the $7.99 version.

R's,
John

"Save at the Sign of the Sock"
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html



