As I would hope everyone in this discussion would be aware, the "as if" rule applies to all IETF standards. You can do whatever you want so long as the result is the same as if you had done what the spec says.
In this case, the speedup from your change is unlikely to make any speed difference since the repeated queries will use cached results, the extra complication is confusing, and the extra utility is zero. As I have reapeatedly asked, if you think there are places where the tree walk results are wrong, show us some examples. Otherwise, please stop. R's, John It appears that Alessandro Vesely <[email protected]> said: >Hi, > >the need to actually determine the organizational domain is a >misconception. For alignment, it is sufficient to determine that the >organizational domain of two identifier is the same. There is no need >to actually walk up there. > >For example, let's reconsider the basic example with an added subdomain: > >From: @dept.example.com >DKIM d=signing.dept.example.com >MailFrom mail.dept.example.com > >_dmarc.dept.example.com has a classic DMARC record (w/o psd=), so >that's the policy (and reporting) record. To check, say, DKIM, a >verifier queries _dmarc.signing.example.com and gets NXDOMAIN. At >this point it already knows dept.example.com is valid. The org domain >probably is example.com, or maybe it has psd=y, or maybe it has no >record at all, who cares? Whatever it is, it is the same for parent >and child. > >In practice, this means that in the common cases it is not necessary >to query _dmarc.com. > > >I'd propose to collect this and the three shortcuts of Section 4.8 (no >need to perform Tree Walk searches for Organizational Domains) and >move them to an appendix. > >To better clean up that section, I'd also remove the paragraph: > > To discover the Organizational Domain for a domain, perform the DNS > Tree Walk described in Section 4.6 as needed for any of the domains > in question. > >It can be understood as stating that the algorithm which follows >allows to determine the org domain for any domain at hand. Indeed, it >does not say that the algorithm is valid for the needed domains only. > > >Best >Ale >-- > > > > > > > > > _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
