>Dale twice in his comments expresses doubt that it's possible for anyone to
>know all PSDs; the mention of a specific PSL in the abstract was an attempt
>to answer those doubts.

This kind of stuff drives me nuts since it suggests the reviewer isn't
familiar with all of the other stuff that has the same issue.

Plan A:

This is essentially the same problem that affects browser supercookies
or signing wildcard SSL certificates, both of which have been in
production for many years.  It's not a new problem, there are
approximate solutions and it doesn't have to be perfect to be useful.

Plan B:

Major rewrite: Define PSD as Policy Super Domain.  Say that the PSD is
defined as the domain one up from the Org domain, see RFC 7489, full
stop.  Do not offer any other suggestions about how to find it, do not
mention the PSL -- you've already got the org domain, one snip and
you're done.  Take out all of the public suffix stuff.

If you want, you can add another informative paragraph that says that
Policy Super Domains often have legal or contractual relationships
with their child org domains so this can be useful to express policies
intended to apply to all of their org domains, perhaps with shorter
versions of the .bank or .gov.uk examples, but don't go very far,
since it's not part of the definition and especially don't mention the
PSL or use the phrase public suffix.

I'd suggest plan B since people will otherwise be complaining about
the PSL forever, even though we're already stuck with it for org domains.

R's,
John

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
