ietf-dkim

Re: [ietf-dkim] RFC relevant to DKIM DNS RR effort

2005-11-28 12:02:36
On Mon, Nov 28, 2005 at 10:36:19AM -0800, Dave Crocker allegedly wrote:
Folks,


For those not on the IETF Announcement list, the following is relevant to 
the DKIM DNS RR effort:


The IESG has approved the following document:

- 'Storing Certificates in the Domain Name System (DNS) '
   <draft-ietf-dnsext-rfc2538bis-09.txt> as a Proposed Standard

Yeah. I've looked at this, along with a good number of other
efforts. The question arises as to whether Selector attributes are the
moral equivalent of certificate attributes.

Consider that an rfc2538 RR consists of four fields: type, tag, alg
and cert. This means that we'd have to embed all of the Selector
attributes into the cert blob and thus we still have to define the
format of that blob such that it can handle the attributes we need.

The second issue this raises is that we aren't taking full advantage
of the type matching capability of DNS. We still need to sub-type
search to ensure that the returned CERT RRset contains a DKIM cert
unless we continue to insist on namespace separation. I'm under the
impression that this type of sub-typing is not viewed favorably.


Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
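
The sub-type search described in the message above, as an added example that is not part of the original post: it splits CERT RDATA into the four fields (type, key tag, algorithm, certificate) and filters a mixed CERT RRset down to the records carrying one private format. Carrying DKIM Selectors in the OID private type (254), the placeholder OID bytes, and the tag=value blob layout are all assumptions made for illustration.

```python
import struct

# CERT RDATA layout: type (2 octets) | key tag (2) | algorithm (1) | certificate
CERT_PKIX, CERT_OID_PRIVATE = 1, 254
# Constructed placeholder OID bytes; NOT an OID assigned to DKIM (assumption).
HYPOTHETICAL_DKIM_OID = bytes.fromhex("2b060104010000")

def pack_cert(ctype, key_tag, alg, cert):
    return struct.pack("!HHB", ctype, key_tag, alg) + cert

def parse_cert(rdata):
    """Split CERT RDATA into the four fields named in the message."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than its fixed 5-octet header")
    ctype, key_tag, alg = struct.unpack("!HHB", rdata[:5])
    return ctype, key_tag, alg, rdata[5:]

def parse_selector_blob(blob):
    """Hypothetical blob format: a DKIM-style 'tag=value; ...' list."""
    attrs = {}
    for part in blob.decode("ascii", errors="replace").split(";"):
        tag, sep, value = part.partition("=")
        if sep and tag.strip():
            attrs[tag.strip()] = value.strip()
    return attrs

def dkim_selectors(rrset):
    """Sub-type search: keep only the RRs in the CERT RRset that carry our format."""
    found = []
    for rdata in rrset:
        try:
            ctype, _key_tag, _alg, cert = parse_cert(rdata)
        except ValueError:
            continue  # malformed RR: skip it, never treat it as a key
        if ctype != CERT_OID_PRIVATE or not cert:
            continue  # some other certificate type sharing the same owner name
        oid_len = cert[0]  # OID private: 1-octet length, then the OID, then data
        oid, blob = cert[1:1 + oid_len], cert[1 + oid_len:]
        if oid == HYPOTHETICAL_DKIM_OID:
            found.append(parse_selector_blob(blob))
    return found

# Constructed sample RRset: one PKIX record, one hypothetical DKIM record, one truncated.
SAMPLE_RRSET = [
    pack_cert(CERT_PKIX, 12345, 5, b"constructed-bytes-not-a-real-certificate"),
    pack_cert(CERT_OID_PRIVATE, 0, 0, bytes([len(HYPOTHETICAL_DKIM_OID)])
              + HYPOTHETICAL_DKIM_OID + b"k=rsa; t=y; p=PLACEHOLDERKEY"),
    b"\x00\x01",
]

if __name__ == "__main__":
    print(dkim_selectors(SAMPLE_RRSET))
```

A verifier using this layout receives every CERT record at the name and has to discard the unrelated and malformed ones itself, which is the work a dedicated RR type would leave to the DNS query.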
