[EMAIL PROTECTED] wrote: > Like others I am guessing that you are referring to section 4.2.2 step 2.
Yup. > Since the domain doesn't exist the administrator can't have > been expected to create a policy for it so error seems like the right answer > to me. That presumes the goal of protecting an entire sub-tree. Absent that goal, the goal is to cover domains that have ADSP records. Very different scope of effort. > Otherwise to create policies for all of my domains I would have to create > policies not just for all existing sub-domains of that domain (which I > personally would support) but all conceivable sub-domains of a domain (which > I don't think I would). Again, creating records for every conceivable name -- and no, I can't imagine any reasonable administrator attempting that -- is only an issue if there is a belief that ADSP can 'protect' all names in a sub-tree. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html