On Tue 12/Nov/2019 07:59:09 +0100 Ian Levy wrote:
>> while _dmarc.gov.uk returns a valid record. The latter is a Nominet,
>> already solved problem, AFAICS.
>
> I can speak authoritatively about this. What we’ve got is an evil, hacky
> kludge that has some weird side effects (since we respond to *any* non
> existent sub domain, not just DMARC and SPF related ones). It’s just about
> passable as an interim, but we believe we need a better, targeted solution
> along the lines of Scott’s draft.

Thank you for chiming in. Let me pinpoint that the hack you talk about is the use of wildcards, which Scott's draft tries to fix with the np= tag. That's a protocol issue.

At a PSO level, someone decided that gov.uk can publish TXT records which may affect all of the downward tree --solved. The bank PSO cannot do that, and we (the WG) look forward to ICANN allowing it --not yet solved. The com PSO cannot do it either, but I'd guess lots of people trust that ICANN will never allow it.

I hope I've now clarified what I mean by "ICANN problem". Scott's draft cannot solve it, albeit it nearly touches on the point at the end of the intro. It is not a protocol problem. It involves PSO-registrants agreements, and ICANN managing that stuff. There is not much we (the WG) can do, except hoping that ICANN may consider protocol factors when making decisions.

As an Internet user, I'd welcome diversity among TLDs, as numerousness without diversity becomes just annoying.

Best
Ale
