[ietf-dkim] New Issue: Applicability of SSP to subdomains
Hector Santos
hsantos at santronics.com
Thu Dec 7 22:40:24 PST 2006
william(at)elan.net wrote:
>
> On Thu, 7 Dec 2006, Jim Fenton wrote:
>
>> I'm really confused by your reply. The question is simply, "should it
>> be possible for an SSP record published by example.com to also apply
>> to sub.example.com [for any value of sub]".
>
> Its not quite that simple, the issue is really should you go out of
> your way to solve issue which is more fundamental due to missing
> feature in current DNS protocol and its wildcards (especially if
> that involves complicating with extra queries...). My view is
> somewhat similar to Phillip - I think this issue should be worked
> on in general, but I don't think it should be done in the context
> of this WG (i.e. not part of your protocol specs).
Good point, but in lieu of industry wide support for wild cards, we do
have the fallback logic of doing direct lookups.
Yes, absolutely, not ideal and probably can create more redundant DNS
query faults on the net than we really care for, but we do need the
general idea worked out as you elude to above.
To me, the question is valid:
Does my received do a lookup order of:
D.C.B.A
C.B.A
B.A
A
or just start at the BASE first?
I think the answer lies on the application side: Should DKIM/SSP offer
domains the ability to have two or more policies with the same base domain?
Example:
public.santronics.com - a more relaxed option policy
santronics.com - exclusive policy
---
HLS
More information about the ietf-dkim
mailing list