Jim Fenton wrote:
Hector,
Hector Santos wrote:
Jim Fenton wrote:
The question is simply, "should it be possible for an SSP record
published by example.com to also apply to sub.example.com [for any
value of sub]".
Yes, but allowance is made for the sub as well. Aren't the specs
currently written as such?
draft-allman-dkim-ssp does attempt to address subdomains, but there are
problems with its methodology that I presented at the WG meeting. I know
you weren't there, but if you look at the slides at
http://www3.ietf.org/proceedings/06nov/slides/dkim-3.pdf, especially
slide 4, it discusses this further.
Thanks, printing it out now.
But this question is about the SSP requirements draft. Currently the
requirements draft is silent on this issue, and not all of the drafts
presented at the WG meeting address propagation of SSP to subdomains,
which is what prompts me to ask the question. Lookup order would then
be a secondary question if we decide that we need to address subdomains.
I agree. I think it fits and we need it simply because from the domain
owner standpoint sub-email-domains will most likely have different
purposes for their existence. Everyone may apply it differently, but I
think it fits for DKIM purposes as well.
Technically, look at the print slide #4, the "Solution:" item:
Given D.C.B.A, does this imply the lookup is?
A
B.C
C.B.A
D.C.B.A
and you stop at the first NXDOMAIN?
So for example, let's say there are policies written for
A Policy 1 - company wide
B.C Policy 2 - subdomain
C.B.A Policy 3 - subdomain
D.C.B.A NXDOMAIN
Which policy is applied for D.C.B.A? Policy 3?
Did I read that slide right?
If so, what is technically wrong starting at the bottom first, with the
direct domain first, then if NXDOMAIN, go to the next base domain?
hmmmm, I think I see why you want to start at the base first, to cover
the entire domain policy.
But maybe we need a flag in the policy that says the specific sub-domain
policy should be looked up.
So you always start at the base (A), then if the flag does not say to
try the sub-domain, then this can serve as a short circuit to
minimize lookups. But if it does, then the direct lookup is done.
Make sense?
---
HLS
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
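
The three lookup orders discussed in this message, as an added example that is not part of the original post or of any SSP draft. The policy table is constructed, the suffix chain is assumed to be A, B.A, C.B.A, D.C.B.A, and the `check_sub` flag name and the fallback to the base policy when the direct lookup returns NXDOMAIN are assumptions made for illustration.

```python
# Constructed table standing in for DNS; a name that is absent means NXDOMAIN.
# "check_sub" is a hypothetical flag name for the flag proposed in the message.
POLICIES = {
    "A": {"policy": "Policy 1", "check_sub": True},
    "B.A": {"policy": "Policy 2"},
    "C.B.A": {"policy": "Policy 3"},
}

def suffixes(domain):
    """Base-first suffix chain: D.C.B.A -> [A, B.A, C.B.A, D.C.B.A]."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]

def top_down(domain, zone):
    """Start at the base, stop at the first NXDOMAIN, keep the last policy seen."""
    found, lookups = None, 0
    for name in suffixes(domain):
        lookups += 1
        rec = zone.get(name)
        if rec is None:
            break
        found = rec["policy"]
    return found, lookups

def bottom_up(domain, zone):
    """Start at the direct domain; on NXDOMAIN move to the next base domain."""
    lookups = 0
    for name in reversed(suffixes(domain)):
        lookups += 1
        rec = zone.get(name)
        if rec is not None:
            return rec["policy"], lookups
    return None, lookups

def base_with_flag(domain, zone):
    """Always query the base; do the direct lookup only if the flag asks for it."""
    base_name = suffixes(domain)[0]
    base, lookups = zone.get(base_name), 1
    if base is None:
        return None, lookups
    if not base.get("check_sub") or domain == base_name:
        return base["policy"], lookups  # short circuit: one lookup
    lookups += 1
    direct = zone.get(domain)
    # Assumption: NXDOMAIN on the direct name falls back to the base policy.
    return (direct["policy"] if direct else base["policy"]), lookups

if __name__ == "__main__":
    for fn in (top_down, bottom_up, base_with_flag):
        print(fn.__name__, fn("D.C.B.A", POLICIES))
```

With this table the first two orders both select Policy 3 for D.C.B.A, at four and two lookups respectively, while the flag variant never consults the intermediate names and falls back to Policy 1.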