I think that it is clear that there has to be some form of guideline to
the use of the DNS for security policy distribution. It is clear that
DKIM is going to be copied widely. It can be copied well or badly.
_policy._domainkey.domain TXT "o=-;a=email"
_policy._domainkey.domain TXT "o=~;t=y;a=sip"
Without commenting on the rest, this approach is not as good
as the multiple selector approach as it is likely to lead to
bloating the response beyond the size of a UDP packet.
Depending on the software involved you may end up with some
semi-random subset of the responses or escalation to TCP
access. Neither is a good thing.
I agree with Steve; we need separate selectors for each protocol policy,
and the process for defining them has to be workable.
I would suggest reserving the prefix _domainkey for policy records that
make use of the same syntax and tag-value pair semantics as domain keys.
If someone wants to define a policy record that takes a different
approach then use a different prefix.
We should avoid the situation where we have two groups trying to lay
claim to _pop3._domainkeys with incompatible semantics. It is not a
problem if there are two groups with distinct prefixes.
Ultimately we are going to have to define a security policy distribution
mechanism for the Internet.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
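Added example, not part of the ietf-dkim thread: a small Python estimate of why the size concern in the quoted reply holds, comparing one shared _policy name that carries every protocol's record against one selector per protocol, and parsing the tag=value syntax of the records shown above. The protocol list, the example.com names and the r= reporting tag are constructed assumptions.

```python
# Added example (not from the ietf-dkim thread): DNS response-size estimate
# for a DKIM-style policy RRset, plus a parser for its tag=value text.
UDP_PAYLOAD_LIMIT = 512  # classic DNS-over-UDP payload limit without EDNS0

def parse_policy(txt: str) -> dict:
    """Parse 'tag=value;tag=value' (DKIM key-record style) into a dict."""
    tags = {}
    for seg in txt.split(";"):
        seg = seg.strip()
        if not seg:                      # tolerate a trailing ';'
            continue
        if "=" not in seg:
            raise ValueError(f"malformed tag-value segment: {seg!r}")
        tag, value = seg.split("=", 1)
        tags[tag.strip()] = value.strip()
    return tags

def name_wire_len(name: str) -> int:
    """Uncompressed wire length: one length byte per label plus the root byte."""
    return sum(1 + len(label) for label in name.rstrip(".").split(".")) + 1

def txt_rdata_len(txt: str) -> int:
    """TXT RDATA is one or more <len><chars> strings of at most 255 bytes each."""
    data = txt.encode()
    return len(data) + max(1, -(-len(data) // 255))

def response_size(owner: str, txts) -> int:
    """Minimal response with a whole TXT RRset: 12-byte header, the question,
    then per RR a 2-byte owner-name pointer, TYPE/CLASS/TTL/RDLENGTH, RDATA."""
    size = 12 + name_wire_len(owner) + 4
    for txt in txts:
        size += 12 + txt_rdata_len(txt)
    return size

def fits_in_udp(owner: str, txts, limit: int = UDP_PAYLOAD_LIMIT) -> bool:
    return response_size(owner, txts) <= limit

# Constructed sample: one policy string per protocol, in the thread's syntax,
# with an assumed r= reporting tag to give each record a realistic length.
PROTOCOLS = ["email", "sip", "xmpp", "http", "imap", "pop3",
             "smtp", "ldap", "nntp", "ftp", "irc", "ssh"]
POLICIES = {p: f"o=-;t=y;a={p};r=postmaster@example.com" for p in PROTOCOLS}

def compare_approaches() -> tuple:
    """(shared _policy name holding all records, worst per-protocol selector)."""
    shared = response_size("_policy._domainkey.example.com", POLICIES.values())
    per_sel = max(response_size(f"_{p}._domainkey.example.com", [POLICIES[p]])
                  for p in PROTOCOLS)
    return shared, per_sel
```

With a dozen protocols the shared name already exceeds 512 bytes, while each per-protocol selector answers in about 100 bytes.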