Doug,
I'm really confused by your reply. The question is simply, "should it
be possible for an SSP record published by example.com to also apply to
sub.example.com [for any value of sub]". I don't see how it relates to
EAI, annotation, and so forth.
I interpret your response as expressing the position that this should
not be a requirement. Let me know if I have that wrong.
-Jim
Douglas Otis wrote:
On Dec 7, 2006, at 2:46 PM, Jim Fenton wrote:
I'd like to bring up this topic again, which I raised on November 9
and got only a little discussion and didn't make it into the issue
tracker. The various drafts that have been proposed for SSP differ
substantially in how they address subdomains, and I'd still like to
understand whether this is an SSP requirement or not.
This concern incorrectly assumes protection is afforded as a type of
prohibition. Such a prohibition fails with respect to EAI, as this
eliminates reliance upon visual inspection, as well as changing
headers viewed by the recipient.
When the protection afforded by DKIM is abased upon an annotation of
the "recognized" email-addresses "associated" with a valid signature,
then there is _no_ need to have policy be associated with
sub-domains. There is also _no_ need to search for policy either.
Without an "associative" mechanism, the message simply does not
receive any annotation. Nothing is blocked, but then nothing gets
annotated either.
DKIM requires some form of annotation as the signature is invisible by
design. The "recognition" of the email-address should be based upon
actual email-addresses comparisons that have been previously retrained
by the recipient. These retained email-addresses might be in the form
of an address-book or a DAC compatible list.
It is hard to imagine chasing 2 million new domains every day. It
does not matter what policy is required, or what hoops bad actors jump
through, they will not be limited by these requirements. Just the
opposite. Nor will reliance upon visual examination offer any
protection either. Just the opposite. There is a large part of the
world that does not even use ASCII email-addresses. : )
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html