It appears that Tobias Herkula <[email protected]> said: >-=-=-=-=-=- >As an entity you want to be on the PSL to declare an organizational boundary, >and usage is now for Cookies, Certificates, Domain Reputation and most likely >a longer list of >more obscure individual use cases. So most of the time a DNS-RR on a DNS label >that states “I’m a PSL” is the use-case that would be needed. The Problem that >comes >with a simple DNS-RR is, that it’s not possible anymore to discern between a >PRIVATE decision to be a PSL and a PUBLIC (ICANN/IANA contract obligation) >decision to be a >PSL. And that would make it much harder to tackle malicious intent. For >example: ...
In the DBOUND working group we had a couple of worked out proposals for publishing boundary info in the DNS, including one of mine, which lets you find the boundary above any domain name with one or two lookups, using wildcards so you don't have to put a tag on every name. Code here, with a link to the spec: https://github.com/jrlevine/bound R's, John PS: I still think Scott's treewalk is a better option for DMARC. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
