In article <camsgclddqfkpgqdecy-sirduj2s5lmo665v28y0vrxuvokr...@mail.gmail.com> you write: >I know of no other >standard that requires this type of relationship.
Here at the IETF, the CAA DNS record that specifies which certificate authority can sign for what domains does a tree walk. If there is a CAA record at example.org it controls signing of foo.example.org and foo.bar.example.org and so forth unless they have their own CAA record. Every applicaton of the public suffix list implicitly does something akin to a tree walk. Its original application was to control cross-site web cookies, to say whether www.foo.co.uk can drop a cookie at foo.co.uk (yes) or co.uk (no). > This is something new. It will require administrators to continually check > what their >sub- and supra-domains are doing in order to escape interference by >DMARC records they did not create. I think this is unreasonable. Only >domains interested in applying DMARC should be involved with DMARC. ... Well, it's not that new since we published the DMARC spec five years ago, but this is what I have referred to as the Holy Roman Empire problem. In organizations that are not universities, the entity that is responsible for the registered domain generally sets policies for the whole organization, and a good deal of the DMARC design is there to let them figure out who is sending mail with their name on it from any of their subdomains and identify and adjust senders whose mail doesn't match the policy. We realize that universities are different, organized along the lines of the Holy Roman Empire, and the Elector of Central Asian Cross-Disciplinary Studies feels very strongly about any incursion on their autonomy including their mail setup. On the other hand, I observe that Brown, Cornell, Dartmouth, U Penn, and Yale, whose situations are not altogether unlike Columbia's, all publish DMARC records. Closer to home so do NYU and CUNY. They all say p=none with rua= to collect reports. You might give them a buzz to see how it works for them. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
