On Wed, Nov 11, 2020 at 09:39:38PM +0000, Tony Finch <d...@dotat.at> wrote a message of 34 lines which said:
> Well, the other Very Prominent example is CAA records, which also > involve walking up the tree to discover policy. It would be nice if > things like CAA and DMARC could agree with each other about how they > discover domain-wide policies. IMHO, the CAA algorithm is bad because it crosses administrative boundaries. RFC 8659 at least excludes the root but it still allows, for instance, AFNIC to put a CAA record in .fr which will apply to all .fr domains which do not have an explicit CAA. It seems bad. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
