I think it is possible to do everything we want using only TXT records.
I do not see any reason to involve NS records CNAME records or anything of the
sort, if we are getting that deep into the DNS architecture for basic policy
publication we are doing something wrong.
-----Original Message-----
From: Hector Santos [mailto:hsantos(_at_)santronics(_dot_)com]
Sent: Tuesday, August 29, 2006 4:29 PM
To: Hallam-Baker, Phillip; IETF-DKIM
Subject: Re: [ietf-dkim] Itemized Summary of SSP Requirements-00
----- Original Message -----
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
The requirement that I believe that the delegation discussion
highlights is the need for controlled delegation.
I.E I delegate to Fred the ability to sign on behalf of
marketing(_at_)example(_dot_)com but not ceo(_at_)example(_dot_)com(_dot_)
The delegation example is relevant because it is only the policy
mechanism that creates the need to count a signature by Fred as a
domain signature for example.com.
Ok, but you think it will still work or its consistent with
the discovery requirement #1 discussed in section 5.1.1? Or
is this a DNS record preparation issue?
| 5.1. Discovery Requirements
|
| 5.1.1 [_] MUST use DNS RR TXT for Policy record.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html