Jim Fenton wrote:
The question is simply, "should it
be possible for an SSP record published by example.com to also apply to
sub.example.com [for any value of sub]".
Yes, but allowance is made for the sub as well. Isn't the specs
currently written as such?
We had a lengthy thread on this a few months back. I think this is a
matter of what we believe is more efficient and the order of the lookup
and how the BASE should cover or be consistent with the entire sub-domain:
Example:
Given domain: D.C.B.A
Lookup order #1
D.C.B.A
C.B.A
B.A
A
or Lookup order #2
A
B.A
C.B.A
D.C.B.A
I believe the specs currently says order #1 is to be done. But I think
there is valid consideration that a base domain should be consistent
with the authorization of the sub-domains.
To me, the lookup order #1, makes more sense, although probably less
efficient when a DOMAIN doesn't probably set his SSP records right and
forces redundant NXDOMAIN or fails on the receivers:
D.C.B.A NXDOMAIN
C.B.A NXDOMAIN
B.A NXDOMAIN
A SSP record found
That would be my only technical concern about this. But I think we have
no choice here because I think we ant to allow a DKIM DOMAIN to offer
different sub-domain policies.
---
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html