I think we should split this out into different issues:
1) Do we need a delegation mechanism?
1a) What should the delegation semantics be?
2) What pointer mechanism should we use?
2a) What are the properties of NS records AS DEPLOYED
2b) What are the properties of CNAME records AS DEPLOYED
2c) What are the properties of PTR records AS DEPLOYED
2d) What are the penalties for defining a new record?
3) What are the deployment constraints?

On question 2b:

To answer Jim's question about CNAME support, I would be surprised if any DNS
proxy did not support transport of CNAME records which were defined in 1035. I
would expect the vast majority of DNS servers to support publication of them as
well; they are pretty basic to the functioning of DNS.

What my concern would be is what the effect of using them in this way would be.
In particular what is the effect of wildcard CNAME records? A lot of zones
already have those in place.

So what happens if I have outsourced all my Web hosting to Lieberhost.com by
declaring:

    *.example.com     CNAME  www69.lieberhost.com
    mail.example.com  A      10.0.0.0
    example.com       MX     1 1 mail.example.com

Oops, I have just delegated signing authority for my outgoing emails even though
my MX record config clearly shows that I did not intend to do that.

So I conclude that CNAME would be a bad choice as existing records are likely
to bite you.

I suggested using PTR records in the policy case because they are widely
supported but have no predefined semantics that are likely to be trodden on. I
think the answer here is to look more closely at the delegation semantics.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
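
An added example, not part of the original message: a minimal model of RFC 4592 wildcard synthesis over the zone quoted above, showing which lookups under example.com are answered with the hosting provider's CNAME. The `_policy` label and the TXT query type are assumptions for illustration, and the MX record is written in standard single-preference form.

```python
APEX = "example.com"
# Constructed zone data mirroring the records in the message.
ZONE = {
    "*.example.com": [("CNAME", "www69.lieberhost.com")],
    "mail.example.com": [("A", "10.0.0.0")],
    "example.com": [("MX", "1 mail.example.com")],
}

def in_zone(name, apex=APEX):
    return name == apex or name.endswith("." + apex)

def existing_names(zone=ZONE, apex=APEX):
    """Owner names plus the empty non-terminals they imply."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if in_zone(candidate, apex):
                names.add(candidate)
    return names

def lookup(qname, qtype, zone=ZONE, apex=APEX):
    """Return (source, record): source is exact, wildcard, NODATA or NXDOMAIN."""
    qname = qname.lower().rstrip(".")
    if not in_zone(qname, apex):
        return ("REFUSED", None)
    names = existing_names(zone, apex)
    if qname in names:
        # An existing name is never covered by a wildcard, whatever its types.
        source, rrs = "exact", zone.get(qname, [])
    else:
        labels = qname.split(".")
        # Closest encloser: the longest ancestor that exists in the zone.
        ancestors = (".".join(labels[i:]) for i in range(1, len(labels)))
        encloser = next(a for a in ancestors if a in names)
        wildcard = "*." + encloser
        if wildcard not in zone:
            return ("NXDOMAIN", None)
        source, rrs = "wildcard", zone[wildcard]
    for rtype, rdata in rrs:
        if rtype == qtype or rtype == "CNAME":  # a CNAME answers any query type
            return (source, (rtype, rdata))
    return ("NODATA", None)

if __name__ == "__main__":
    for name in ("_policy.example.com", "mail.example.com",
                 "_policy.mail.example.com"):
        print(name, lookup(name, "TXT"))
```

Running a check like this against a real zone before adopting a CNAME-based pointer shows which names an existing wildcard already answers for; names below an existing node such as mail.example.com are not covered by `*.example.com`.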