On October 26, 2021 9:03:15 PM UTC, Todd Herr
<todd.herr=40valimail....@dmarc.ietf.org> wrote:
>On Tue, Oct 26, 2021 at 4:07 PM Scott Kitterman <skl...@kitterman.com>
>wrote:
>
>>
>> What does "an agreed-upon level in the DNS hierarchy" mean? The
>> organizational domain is the current "agreed-upon level". Is this the
>> same or
>> something different? We know you can't do this by counting dots in a
>> domain
>> name. If it's the same level as the current organizational domain, then
>> I'm
>> not sure why we would want to add more lookups. I'm not aware of a
>> problem
>> that would solve. If it's all the way to the top of the hierarchy, then
>> I'm
>> confident the answer is no. Regardless of exactly how the PSD experiment
>> lands, the rules for a PSD level lookup need to be different than for an
>> individual organization, so we still need to know where the break between
>> the
>> organizational level and the top level is (so still not sure why you would
>> want to do more lookups).
>>
>>
>There are two tickets of the eleven that advocate walking the tree. One,
>ticket #60, suggests walking the entire DNS tree until a policy is
>discovered. The other, ticket #121, champions a "one level tree walk".
>
>My use of the phrase "an agreed-upon level in the DNS hierarchy" was meant
>to acknowledge that both tickets exist, and that both propose the same
>method (tree walking) with different end points.
>
Thanks for the clarification.
For a 'normal' domain/sub-domain like eml.example.com where the domain has a
DMARC policy, every single implementation approach gives the same answer, so it
doesn't matter. The challenge is getting all the other cases right.
Until we understand what we want, overall, selecting a specific design to
achieve that goal is premature. Both of those approaches will give a wrong
answer (at least as I'd define it) for less usual cases.
Scott K
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
