[ietf-dkim] New Issue: protecting a domain name vs. protecting a domain tree

[robert at barclayfamily.com]

> Date: Mon, 7 Apr 2008 14:32:25 -0700
> From: dhc at dcrocker.net
> To: robert at barclayfamily.com
> CC: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] New Issue: protecting a domain name vs. protecting a	domain tree
> 
> 
> 
> robert at barclayfamily.com wrote:
> > Like others I am guessing that you are referring to section 4.2.2 step 2.
> 
> Yup.
> 
> >    Since the domain doesn't exist the administrator can't have
> > been expected to create a policy for it so error seems like the right answer
> > to me.
> 
> That presumes the goal of protecting an entire sub-tree.
> 
> Absent that goal, the goal is to cover domains that have ADSP records.  Very 
> different scope of effort.
> 

I think I would describe my goal more narrowly than that. I don't think that any ADSP record should be protecting anything more than the exact domain the record is entered for. I also think it is worthwhile for it to be possible for a domain administrator to be able to cover everything within his administrative control with their own records if they want to do that.

The case we're talking about here is not whether or not it is worthwhile to protect the whole domain sub-tree but what to do when encountering something that is definitionally NOT part of the domain sub-tree (remember we're talking about NXDOMAIN cases here only, not intuiting anything about any actual domains). Since these things are not domains then saying that searching for a domain policy for them returns an error seems entirely reasonable to me.

Robert

_________________________________________________________________
Use video conversation to talk face-to-face with Windows Live Messenger.
http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_042008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20080408/3cd64edb/attachment.html