Ok, Dave has stated some of my concerns in a much better way than I could
have. To underscore this:

We aren't telling folks how to add the new DNS information, but we *are*
deciding to use the existing installed admin and ops base of experience
for the query service.

Choosing DNS as the query service was a significant, strategic benefit
because it re-uses existing admin and ops methods.

Correct, and to put an even finer point on it: we deliberately intended to
re-use the existing installed base of DK keys with DKIM which I think is
just massively important (as I keep saying, sorry to bore everyone). It
minimizes the need for re-issuance of public keys (which for end-users is a
great thing) and it brings Yahoo that much closer to being the first large
ISP to start signing with DKIM (note, I do not speak for Yahoo; this is just
my assessment of the situation). I hope that even the engineering "purists"
amongst us can see the tactical and strategic advantages (dare I say, the
"politics") of something like that. It is a relatively small thing that
could go a long way toward gaining critical mass for something like DKIM.

That is, they should be able to take the new IETF DKIM specifications,
implement it, and be able to process original DKIM signatures.

Wow, that would be wonderful too.

--
Arvel
_______________________________________________
ietf-dkim mailing list
http://dkim.org