The tree walk should address whether we do anything for domain-part names that are resource record names rather than DNS domains. Such names cannot be given a _dmarc. subdomain, so they cannot be given an exact-match DMARC policy.
Always doing a one-level walk from the bottom would ensure that they can have a policy at the closest possible layer. On Tue, Nov 2, 2021, 10:09 PM John Levine <[email protected]> wrote: > It appears that Scott Kitterman <[email protected]> said: > >4. Common parent domain not marked PSD. We could add a new tag to the > DMARC > >records for PSDs to indicate it's a PSD, so it's record shouldn't be used > for > >alignment. Getting this added to the literal handful of PSD records that > >exist and specifying it should be used going forward is doable. To > implement > >this approach should produce identical (modulo PSL errors and omissions) > >results to the RFC 7489 approach. It seems like we've decided to trust > that > >ICANN and ccTLD operators will effectively manage publication of PSL > records > >for policy discovery, so this leverages that trust to simplify alignment > while > >maintaining backward compatibility. > > This is a much better worked out version of my DNS tree climbing > proposal. I like it too. > > R's, > John > > PS: Just out of nosiness, what PSD records exist now? > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
