----- Original Message ----- From: "Jim Fenton" <[EMAIL PROTECTED]> To: "Thomas A. Fine" <[EMAIL PROTECTED]>
>> If the policy says no overrides, then whatever policy you >> find, you're> done, and you don't have to look up any more. >> If there's no policy, you assume a default of override-depth=1 >> (or at most 2), and walk down one step. If no policy is found >> there, then you're done, and policy is null. > This is an interesting and flexible idea, but somewhat outside > our threat envelope. Subdomains can publish DKIM keys. Why > shouldn't they always be able to publish SSP? +1 However, Mr. Fine re-raises a good point that I have on regarding optimization. Why should a large company with many sub-domains be force to create a policy for each sub-domain when one or more can cover many? I guess perhaps future DNS servers would be able to cater to this better by merging records for specific query keys. I punt the DNS gods on this one :-) -- Hector Santos, Santronics Software, Inc. http://www.santronics.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
