Our original choice of N was based on the PSL. The PSL could not detect
organizational boundaries below level 5, because it
had no entries longer than 5 labels, and we determined that the 5-label
entries were not used for mail. Therefore, any increase in N is new
capability. That new capability is probably desirable, but need not be
limitless. Using an N of 8 introduces a lot of new capability.

As the number of labels increases, the probability of abuse increases --
either malicious use of non-existent subdomains, or malicious creation of
meaningless subdomains. This provides strong incentive to limit N to a
small number.

I don't have any objection to 8.

There are two defenses available to evaluators who fear malicious use of
maximum N:
- Test for From domain existence first. If the domain does not exist, do
a top-down search for the first domain that does exist. Mail From and
DKIM domains do not need to be tested separately for existence, as they
cannot verify unless the domain exists.

- Use result caching so that domains with a high number of labels are not
researched multiple times.

DF

On Sun, Apr 14, 2024 at 7:23 PM Murray S. Kucherawy <[email protected]>
wrote:

> On Sun, Apr 7, 2024 at 10:33 AM Scott Kitterman <[email protected]>
> wrote:
>
>> >Seth says there are people who need N=8 but for business reasons he
>> can't tell us who they are.  I'm not thrilled about that but I see little
>> downside to bumping the number up to 8.
>>
>> I expect that's where we end up, but I think we need something more than
>> one of the chairs said there are secret reasons.
>>
>
> I agree, "Why 8?" is a very reasonable question for any reviewer to ask.
>
> -MSK, p11g
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>
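
The two evaluator defenses from the message above (an existence test on the From domain with a fallback to the first name that exists, plus result caching), sketched in Python as an added example that is not part of the original thread. The `ZONE` set and the `domain_exists` stub are constructed stand-ins for real DNS lookups, and reading "top-down" as dropping leftmost labels one at a time is an assumption.

```python
from functools import lru_cache

# Constructed data: the only names that "exist" in this toy DNS.
# A real evaluator would issue DNS queries here (assumption: stub only).
ZONE = {"com", "example.com", "mail.example.com"}
backend_queries = []  # every lookup that misses the cache

@lru_cache(maxsize=4096)  # bounded, so attacker-chosen names cannot grow it forever
def domain_exists(name: str) -> bool:
    """Cached existence test; only cache misses reach the backend."""
    backend_queries.append(name)
    return name in ZONE

def first_existing(from_domain: str):
    """Return the From domain if it exists, else the closest ancestor
    that does, found by dropping leftmost labels (None if none exists)."""
    labels = from_domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if domain_exists(candidate):
            return candidate
    return None

def demo():
    """Resolve constructed From domains and report new backend lookups."""
    domain_exists.cache_clear()
    backend_queries.clear()
    report = []
    for name in ("mail.example.com",
                 "x1.a.b.c.d.e.f.g.example.com",   # 10 labels, does not exist
                 "x2.a.b.c.d.e.f.g.example.com"):  # same parents, new leaf
        before = len(backend_queries)
        start = first_existing(name)
        report.append((name, start, len(backend_queries) - before))
    return report

if __name__ == "__main__":
    for name, start, cost in demo():
        print(f"{name}: begin policy search at {start} ({cost} new lookups)")
```

The second many-label name costs one new lookup instead of nine because every shared parent is already cached, and in both cases the policy search begins at a name that exists rather than at the attacker-chosen depth.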