ietf-dkim

Re: [ietf-dkim] end-users vs filtering engines

2008-05-02 06:12:19


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave Crocker
Sent: Thursday, May 01, 2008 6:03 PM
To: J D Falk
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] end-users vs filtering engines



J D Falk wrote:
Wietse wrote:
How would a receiver discover the top-level domain given example.com,
example.ac.uk, example.org.au, etc.?

The same way we do now: annoying, manually maintained case statements.


This relies on a resource that is not specified in the document, is not
publicly standardized, and changes.

Not such a good thing.

d/
--


But is it such a bad thing Dave? This is why I'm suggesting specifying
how the domain owner can articulate the policy but not specifying (at
this point) how a receiver might use it. It's that old King Canute thing
that John likes to bring up.

Different receivers will take different approaches for taking advantage
of "A=Y" initially. Why would this be an issue? I have a strong feeling
that the domain owners most likely to take advantage of something like
this do not have tons of subdomains in their trees. 

I expect ADSP records to generally have (relatively) long TTLs. Do we
expect most adopters to be changing their policies willy nilly? If I
really wanted to make a change I would shorten up the TTL and then wait
until well after the original TTL had passed to make the change. It's
only an issue if someone has already published an ADSP policy - wouldn't
it be nice if we could get ADSP out the door so people could actually
start implementing?

The overall hit in terms of lookups, tree walking, etc. is not likely to
be significant. I would expect (early) implementers to cache the results
locally for the duration of the TTL rather than going externally for an
ADSP lookup for each and every piece of email.

There is a reason the name was changed from SSP to ADSP. With respect to
that we should be asking ourselves how to empower author domains to
express their signing policies in ways that then empower receivers to
make rational decisions about how to handle (validly) signed vs unsigned
email.

J.D. and several others have indicated that they would determine base
domains manually with regard to various TLD practices. I go back to my
original question to receivers. Would an "A=Y" (or however syntactically
constructed) assertion be sufficiently useful to receivers and
reputation service providers that they would take advantage of it?
Would it make sense to require an ADSP publisher wishing to utilize this
to publish it for all (that would be a MUST) subdomains in a tree making
such an assertion? 

If receivers and reputation service providers don't feel such an
assertion is particularly useful then we can drop the discussion and
move on to other things.

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
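
An added example, not part of the original message or of any DKIM/ADSP implementation: a receiver-side sketch of the two mechanisms the thread discusses, a manually maintained suffix table for finding the base domain and a local cache that holds a policy record for the duration of its TTL. The suffix table, the `lookup` callable and the record text are constructed for illustration, and keying the cache by base domain is an assumption about one receiver's choice, which the thread leaves open.

```python
import time

# Constructed, hand-maintained suffix table (assumption: a real one is much
# larger and has to be updated as registries change their practices).
SUFFIXES = {"com", "org", "uk", "ac.uk", "co.uk", "au", "org.au", "com.au"}

def base_domain(name):
    """Longest listed suffix plus one label; None if no usable match."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):            # i = 0 tries the longest suffix first
        if ".".join(labels[i:]) in SUFFIXES:
            # i == 0 means the name is itself a registry suffix
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None

class PolicyCache:
    """Caches one policy record per base domain until its TTL runs out."""

    def __init__(self, lookup, clock=time.monotonic):
        self._lookup = lookup       # hypothetical callable: domain -> (record or None, ttl_seconds)
        self._clock = clock
        self._entries = {}          # domain -> (expires_at, record)
        self.external_lookups = 0

    def get(self, author_domain):
        key = base_domain(author_domain) or author_domain.lower().rstrip(".")
        now = self._clock()
        hit = self._entries.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]           # still inside the TTL: no external query
        record, ttl = self._lookup(key)
        self.external_lookups += 1
        self._entries[key] = (now + ttl, record)   # absent records are cached too
        return record

if __name__ == "__main__":
    zone = {"example.ac.uk": ("constructed policy text", 3600)}  # constructed data
    cache = PolicyCache(lambda d: zone.get(d, (None, 300)))
    for d in ("mail.example.ac.uk", "lists.example.ac.uk", "example.org.au"):
        print(d, "->", base_domain(d), cache.get(d))
    print("external lookups:", cache.external_lookups)
```

A name whose suffix is missing from the table falls back to an exact-name lookup, which is the failure mode of a stale hand-maintained list.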