For me, the appeal of a tree walk would be to eliminate the PSL. But an
artificially constructed domain name could have more than 100 segments, so
walking the entire tree seems like an opportunity for denial of service
attacks.

If we walk up from the bottom and quit too soon, a phony but long name
could be used to evade the actual domain policy.

We could limit complexity by starting at the PSL or organization and
walking down a limited number of segments, but this approach preserves the
need for a PSL.

These objections would not apply to a solution like the one suggested in
ticket #59, where a name is checked for membership in a single
sub-organizational unit.  Eliminating the PSL was not an objective of
ticket 59.

Doug





On Mon, Oct 25, 2021 at 3:33 PM Todd Herr <todd.herr=
40valimail....@dmarc.ietf.org> wrote:

> Greetings.
>
> There are, by my count, eleven tickets that are primarily focused on or at
> least touch on the issue of policy discovery. A specialized query for them
> is at this URL - https://trac.ietf.org/trac/dmarc/report/15
>
> The question of policy discovery has a few options as its answer:
>
>    - Leave things as they are (meaning look up the policy for the
>    RFC5322.From domain and the organizational domain of that domain if
>    different)
>    - Add a third lookup for a public suffix domain
>    - Walk the DNS tree from the RFC5322.From domain all the way to an
>    agreed-upon level in the DNS hierarchy
>    - Something other than what's listed here
>
> The topic of policy discovery has been proposed for the agenda for the
> upcoming DMARC session at IETF 112, and so this message should serve to
> kick off a discussion of the topic now, so that we can have a most
> productive discussion on the 9th.
>
> Thank you.
>
> --
>
> *Todd Herr * | Technical Director, Standards and Ecosystem
> *e:* todd.h...@valimail.com
> *m:* 703.220.4153
>
> This email and all data transmitted with it contains confidential and/or
> proprietary information intended solely for the use of individual(s)
> authorized to receive it. If you are not an intended and authorized
> recipient you are hereby notified of any use, disclosure, copying or
> distribution of the information included in this transmission is prohibited
> and may be unlawful. Please immediately notify the sender by replying to
> this email and then delete it from your system.
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
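The two failure modes raised in the reply above (an unbounded walk over a 100+ label name, and a bottom-up walk that quits before reaching the real policy), as an added example that is not part of the original thread. The `top_labels` variant, which skips from the full name to its rightmost N labels, is one possible bounding strategy assumed here for comparison and was not proposed in this message. The `PUBLISHED` table, `walk_up` and `long_name` are constructed for illustration, and the dictionary lookup stands in for a DNS TXT query at `_dmarc.<name>`.

```python
# Constructed sample data: only the organizational domain publishes a policy.
PUBLISHED = {"example.com": "v=DMARC1; p=reject"}


def labels(domain):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return domain.rstrip(".").lower().split(".")


def walk_up(domain, max_queries=None, top_labels=None):
    """Bottom-up tree walk. Returns (policy_domain or None, lookups made).

    max_queries: give up after this many lookups (the "quit too soon" case).
    top_labels:  after trying the full name, jump to the rightmost
                 `top_labels` labels and continue upward (assumed strategy).
    """
    parts = labels(domain)
    start = 1
    if top_labels is not None and len(parts) > top_labels:
        start = len(parts) - top_labels
    # Always try the full name first, then each parent from `start` upward.
    candidates = [parts] + [parts[i:] for i in range(start, len(parts))]

    queries = 0
    for cand in candidates:
        if max_queries is not None and queries >= max_queries:
            break
        queries += 1
        name = ".".join(cand)
        if name in PUBLISHED:  # stand-in for a TXT lookup at _dmarc.<name>
            return name, queries
    return None, queries


def long_name(n_extra):
    """Build a constructed name with n_extra labels in front of example.com."""
    return ".".join(f"l{i}" for i in range(n_extra)) + ".example.com"


if __name__ == "__main__":
    name = long_name(120)  # 122 labels in total
    print("full walk:      ", walk_up(name))
    print("quit after 5:   ", walk_up(name, max_queries=5))
    print("top 5 labels:   ", walk_up(name, top_labels=5))
    print("ordinary name:  ", walk_up("mail.example.com", top_labels=5))
```

The full walk costs one lookup per label, the early-quit walk returns no policy for a name that does have one, and the capped walk finds it only as long as the policy is published within the rightmost `top_labels` labels.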