[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree

Dave Crocker dhc at dcrocker.net
Mon Apr 7 14:32:25 PDT 2008



robert at barclayfamily.com wrote:
> Like others I am guessing that you are referring to section 4.2.2 step 2.

Yup.

>    Since the domain doesn't exist the administrator can't have
> been expected to create a policy for it so error seems like the right answer
> to me.

That presumes the goal of protecting an entire sub-tree.

Absent that goal, the goal is to cover domains that have ADSP records.  Very 
different scope of effort.


> Otherwise to create policies for all of my domains I would have to create
> policies not just for all existing sub-domains of that domain (which I
> personally would support) but all conceivable sub-domains of a domain (which
> I don't think I would).

Again, creating records for every conceivable name -- and no, I can't imagine 
any reasonable administrator attempting that -- is only an issue if there is a 
belief that ADSP can 'protect' all names in a sub-tree.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

