Re: [ietf-dkim] New Issue: Applicability of SSP to subdomains
Hector Santos <hsantos@santronics.com> Sat, 09 December 2006 02:53 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GssKz-0007mY-Ak for ietf-dkim-archive@lists.ietf.org; Fri, 08 Dec 2006 21:53:17 -0500
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GssKv-0001Xe-R6 for ietf-dkim-archive@lists.ietf.org; Fri, 08 Dec 2006 21:53:17 -0500
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id kB92pLBD030796; Fri, 8 Dec 2006 18:51:22 -0800
Received: from winserver.com (ftp.catinthebox.net [208.247.131.9]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id kB92pGPd030772 for <ietf-dkim@mipassoc.org>; Fri, 8 Dec 2006 18:51:16 -0800
Received: by winserver.com (Wildcat! SMTP Router v6.2.452.1) for ietf-dkim@mipassoc.org; Fri, 08 Dec 2006 21:51:49 -0500
Received: from [192.168.1.101] ([72.144.158.205]) by winserver.com (Wildcat! SMTP v6.2.452.1) with ESMTP id 498527375; Fri, 08 Dec 2006 21:51:48 -0500
Message-ID: <457A246E.3000404@santronics.com>
Date: Fri, 08 Dec 2006 21:50:22 -0500
From: Hector Santos <hsantos@santronics.com>
Organization: Santronics Software, Inc.
User-Agent: Thunderbird 2.0a1 (Windows/20060724)
MIME-Version: 1.0
To: Jim Fenton <fenton@cisco.com>
Subject: Re: [ietf-dkim] New Issue: Applicability of SSP to subdomains
References: <4553F9CA.9080705@cisco.com> <457899C7.4030202@cisco.com> <9CFCAD84-8368-4DB9-BF0B-E7B0E6A54623@mail-abuse.org> <4578EB09.6070806@cisco.com> <45790304.80709@santronics.com> <4579AFB9.10304@cisco.com>
In-Reply-To: <4579AFB9.10304@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Songbird: Clean, Clean
Cc: ietf-dkim@mipassoc.org
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 25620135586de10c627e3628c432b04a
Jim Fenton wrote: > Hector, > > Hector Santos wrote: >> Jim Fenton wrote: >> >>> The question is simply, "should it be possible for an SSP record >>> published by example.com to also apply to sub.example.com [for any >>> value of sub]". >> >> Yes, but allowance is made for the sub as well. Isn't the specs >> currently written as such? > draft-allman-dkim-ssp does attempt to address subdomains, but there are > problems with its methodology that I presented at the WG meeting. I know > you weren't there, but if you look at the slides at > http://www3.ietf.org/proceedings/06nov/slides/dkim-3.pdf, especially > slide 4, it discusses this further. Thanks, printing it out now. > But this question is about the SSP requirements draft. Currently the > requirements draft is silent on this issue, and not all of the drafts > presented at the WG meeting address propagation of SSP to subdomains, > which is what prompts me to ask the question. Lookup order would then > be a secondary question if we decide that we need to address subdomains. I agree. I think it fits and we need it simply because from the domain owner standpoint sub-email-domains will mostly likely have different purposes for their existence. Everyone may apply it differently, but I think it fits for DKIM purposes as well. Technically, look at the print slide #4, the "Solution:" item: Given D.C.B.A, does this imply the lookup is? A B.C C.B.A D.C.B.A and you stop at the first NXDOMAIN? So for example, lets say their are policies written for A Policy 1 - company wide B.C Policy 2 - subdomain C.B.A Policy 3 - subdomain D.C.B.A NXDOMAIN Which policy is applied for D.C.B.A? Policy 3? Did I read that slide right? If so, what is technically wrong starting at the bottom first, with the direct domain first, then if NXDOMAIN, go to the next base domain? hmmmm, I think I see why you want to start at the base first, to cover the entire domain policy. But maybe we need a flat in the policy that says the specific sub-doman policy should be looked up. So you always start at the base (A), then if the flag does not say to try the sub-domain, then this can serve as a short circuit to minimize lookups. But if it does, then the direct lookup is done. Make sense? --- HLS _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- [ietf-dkim] New Issue: Applicability of SSP to su… Jim Fenton
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Michael Thomas
- [ietf-dkim] Re: New Issue: Applicability of SSP t… Frank Ellermann
- Re: [ietf-dkim] New Issue: Applicability of SSP t… John Levine
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Jim Fenton
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Douglas Otis
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Jim Fenton
- Re: [ietf-dkim] New Issue: Applicability of SSP t… william(at)elan.net
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Hector Santos
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Hector Santos
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Douglas Otis
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Jim Fenton
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Damon
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Eliot Lear
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Michael Thomas
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Hector Santos
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Scott Kitterman
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Michael Thomas
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Graham Murray
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Scott Kitterman
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Scott Kitterman
- Re: [ietf-dkim] Blocking improperly signed messag… Douglas Otis
- Re: [ietf-dkim] New Issue: Applicability of SSP t… John Levine
- Re: [ietf-dkim] Blocking improperly signed messag… Hector Santos
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Scott Kitterman
- Re: [ietf-dkim] Blocking improperly signed messag… Scott Kitterman
- Re: [ietf-dkim] New Issue: Applicability of SSP t… John Levine
- Re: [ietf-dkim] New Issue: Applicability of SSP t… Michael Thomas
- Re: [ietf-dkim] Blocking improperly signed messag… Steve Atkins
- Re: [ietf-dkim] Blocking improperly signed messag… Douglas Otis
- Re: [ietf-dkim] Blocking improperly signed messag… Damon
- Re: [ietf-dkim] Blocking improperly signed messag… Steve Atkins
- Re: [ietf-dkim] Blocking improperly signed messag… Hector Santos
- Re: [ietf-dkim] Blocking improperly signed messag… Douglas Otis
- Re: [ietf-dkim] Blocking improperly signed messag… Damon
- Re: [ietf-dkim] Blocking improperly signed messag… Hector Santos
- Re: [ietf-dkim] Blocking improperly signed messag… Douglas Otis
- Re: [ietf-dkim] Blocking improperly signed messag… Paul Hoffman
- [ietf-dkim] Re: Blocking improperly signed messag… Frank Ellermann
- Re: [ietf-dkim] Re: Blocking improperly signed me… Steve Atkins
- Re: [ietf-dkim] Re: Blocking improperly signed me… Damon
- Re: [ietf-dkim] Re: Blocking improperly signed me… Douglas Otis
- [ietf-dkim] Re: Blocking improperly signed messag… Frank Ellermann
- Re: [ietf-dkim] Re: Blocking improperly signed me… Wietse Venema
- [ietf-dkim] Re: Blocking improperly signed messag… Frank Ellermann
- Re: [ietf-dkim] Re: Blocking improperly signed me… Hector Santos