> With this comment, we see the pernicious effect of using a binary psd=(y|n) > token to represent a multi-valued role. When the role indicator is > missing, there is no default value, instead it must be inferred from the > context. Since the author of the proposed text is confused on this point, > it is certain that the general community will be confused as well.
I don't see that that follows at all. Regardless of how the tag is formed, the text needs to specify what happens when it's not present. Saying, explicitly, that the default is "psd=n" if the psd tag is absent makes the situation quite clear, with no inference needed. Barry > On Wed, Mar 16, 2022 at 11:27 PM Scott Kitterman <[email protected]> wrote: >> >> On Wednesday, March 16, 2022 11:02:00 PM EDT John Levine wrote: >> > It appears that Scott Kitterman <[email protected]> said: >> > >It took a fair amount of editing and I expect you all will have further >> > >suggestions, so instead of getting up to my elbows in XML, I took the >> > >published DMARCbis-05 text and updated it directly. The modified version >> > >and an rfcdiff are attached. >> > >> > It's closer, but I think it still needs some reorganization. I think this >> > is where we want to end up: >> > >> > Policy domain: if a domain has a dmarc record, that's the policy, otherwise >> > use the org domain's policy or if no org domain policy, PSD policy. >> > >> > You need to find org domains if >> > a) the domain has no DMARC record so you use the org domain's instead, OR >> > b) the DKIM domain doesn't match the from header domain and policy adkim=r. >> > OR c) the SPF domain doesn't match the from header domain and policy >> > aspf=r. >> > >> > To find the org domain for a domain: >> > chop the domain to the last five labels and walk up the tree. >> > stop when you find a DMARC record with psd or you hit the root. >> > if a record has psd=n, that's the org domain >> > if a record has psd=y and it isn't the original domain, the org domain is >> > the one below it otherwise the org domain is the last (highest) DMARC >> > record you found >> > >> > Relaxed alignment doesn't change, if two domains have the same org domain, >> > they're aligned. >> > >> > Minor nit: if a name has two or more DMARC records, that's invalid so >> > pretend it had none. >> >> Thanks. I think that makes sense. Based on an offlist comment I got, I >> think >> it needs to say has an explicit psd=n in the record or something like that. >> Since psd=n is the default, it's implicitly true for any record that doesn't >> have psd=y in it. >> >> I'll take another shot at it, but I'm unlikely to finish it tonight. >> >> Scott K >> >> >> _______________________________________________ >> dmarc mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dmarc > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
