ietf-dkim

Re: [ietf-dkim] New Issue: Applicability of SSP to subdomains

2006-12-08 20:02:47
Jim Fenton wrote:
Hector,

Hector Santos wrote:
Jim Fenton wrote:

The question is simply, "should it be possible for an SSP record published by example.com to also apply to sub.example.com [for any value of sub]".

Yes, but allowance is made for the sub as well. Aren't the specs currently written as such?
draft-allman-dkim-ssp does attempt to address subdomains, but there are problems with its methodology that I presented at the WG meeting. I know you weren't there, but if you look at the slides at http://www3.ietf.org/proceedings/06nov/slides/dkim-3.pdf, especially slide 4, it discusses this further.

Thanks, printing it out now.

But this question is about the SSP requirements draft. Currently the requirements draft is silent on this issue, and not all of the drafts presented at the WG meeting address propagation of SSP to subdomains, which is what prompts me to ask the question. Lookup order would then be a secondary question if we decide that we need to address subdomains.

I agree. I think it fits and we need it simply because from the domain owner standpoint sub-email-domains will most likely have different purposes for their existence. Everyone may apply it differently, but I think it fits for DKIM purposes as well.

Technically, look at the print slide #4, the "Solution:" item:

Given D.C.B.A, does this imply the lookup is?

  A
  B.C
  C.B.A
  D.C.B.A

and you stop at the first NXDOMAIN?

So for example, let's say there are policies written for

  A             Policy 1 - company wide
  B.C           Policy 2 - subdomain
  C.B.A         Policy 3 - subdomain
  D.C.B.A       NXDOMAIN

Which policy is applied for D.C.B.A?    Policy 3?

Did I read that slide right?

If so, what is technically wrong starting at the bottom first, with the direct domain first, then if NXDOMAIN, go to the next base domain?

hmmmm, I think I see why you want to start at the base first, to cover the entire domain policy.

But maybe we need a flag in the policy that says the specific sub-domain policy should be looked up.

So you always start at the base (A), then if the flag does not say to try the sub-domain, then this can serve as a short circuit to minimize lookups.  But if it does, then the direct lookup is done.

Make sense?

---
HLS

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
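
The lookup orders discussed in this message, compared on a constructed policy table, as an added example that is not part of the original post or of any DKIM draft. The `check_sub` flag name, the dictionary standing in for DNS, the use of the label suffixes of D.C.B.A as the candidate names, and the fallback to the base policy when the direct lookup misses are all assumptions.

```python
# Constructed policy table standing in for DNS; a name absent from it models NXDOMAIN.
# "check_sub" is a hypothetical flag name for the idea floated in the message.
ZONE = {
    "a":     {"policy": "Policy 1", "check_sub": True},
    "b.a":   {"policy": "Policy 2", "check_sub": True},
    "c.b.a": {"policy": "Policy 3", "check_sub": True},
}

def suffixes(domain):
    """Label suffixes from shortest to longest: a, b.a, c.b.a, d.c.b.a."""
    labels = domain.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]

def top_down(domain, zone):
    """Start at the base and walk toward the full name; stop at the first NXDOMAIN."""
    found, queries = None, []
    for name in suffixes(domain):
        queries.append(name)
        if name not in zone:
            break
        found = zone[name]["policy"]
    return found, queries

def bottom_up(domain, zone):
    """Query the direct domain first; on NXDOMAIN move to the next parent."""
    queries = []
    for name in reversed(suffixes(domain)):
        queries.append(name)
        if name in zone:
            return zone[name]["policy"], queries
    return None, queries

def base_with_flag(domain, zone):
    """Query the base; do the direct lookup only if its flag asks for it."""
    name, base = domain.lower(), suffixes(domain)[0]
    queries, record = [base], zone.get(base)
    if record is None:
        return None, queries
    if record["check_sub"] and name != base:
        queries.append(name)
        if name in zone:
            return zone[name]["policy"], queries
    # Assumption: a missing direct record falls back to the base policy.
    return record["policy"], queries

if __name__ == "__main__":
    for strategy in (top_down, bottom_up, base_with_flag):
        policy, queries = strategy("D.C.B.A", ZONE)
        print(f"{strategy.__name__:15} {policy}  {len(queries)} queries: {queries}")
```

On this table the first two orders both apply Policy 3 to D.C.B.A (four queries against two), while the flag variant applies Policy 1, so the choice of order changes the result as well as the query count.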