ietf-dkim

Re: SSP RR vs TXT [was Re: [ietf-dkim] SSP and o= values]

2006-03-30 13:25:49
On Thu, Mar 30, 2006 at 10:09:24AM -0800, Jim Fenton allegedly wrote:

> There's a different situation for key records and
> policy/practice/(petunia?) records.  The choice of whether to use a new
> RR or a TXT key record should be retrieved is something that can be
> represented in the signature (the query type, q=, tag has been suggested
> which makes sense).

As a practical matter, I don't see how this can actually work to
eliminate the DKK then TXT sequence because you don't know the
capabilities of the verifiers. Can they fetch DKK? No one knows.

During transition, signers will be significantly at risk of not being
verifiable if they just use q=dkk. Hence, most, if not all signers
will likely use q=dkk,txt (or whatever the syntax is) to explicitly
tell the verifiers to try both, which in turn means the signer has to
maintain both.

The net result is that signers will all be saying try DKK and fall
back to TXT.

The only true advantage to being explicit with q= is that it lets
TXT-only sites optimize away the failed DKK lookup, but it adds no
value to signers supporting DKK.


Mark.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
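
Added illustration, not part of the message above or of any DKIM implementation: a small Python model of the key-lookup sequence under discussion, run for verifiers that can and cannot query the proposed DKK type. The `DKK` type name and the comma-separated `q=` syntax are the thread's proposals and are assumptions here; the zone contents and function names are constructed.

```python
# Added illustration. "dkk" and the q= list syntax are proposals from the
# thread, modelled as plain strings (assumptions, not a real resolver API).

def fetch_key(q_tag, verifier_types, zone):
    """Walk the signer's q= list in order, as a verifier would.

    q_tag          -- signer's q= value, e.g. "dkk,txt" (syntax assumed)
    verifier_types -- RR types this verifier is able to query
    zone           -- constructed map of RR type -> published key
    Returns (key or None, list of DNS queries actually issued).
    """
    queries = []
    for rrtype in (t.strip().lower() for t in q_tag.split(",")):
        if rrtype not in verifier_types:
            continue              # verifier cannot issue this query type
        queries.append(rrtype)
        key = zone.get(rrtype)
        if key is not None:
            return key, queries
    return None, queries


def transition_matrix():
    """Signer configurations against TXT-only and DKK-capable verifiers."""
    old, new = {"txt"}, {"dkk", "txt"}
    both = {"dkk": "KEY", "txt": "KEY"}   # signer maintains both records
    dkk_only = {"dkk": "KEY"}
    txt_only = {"txt": "KEY"}
    cases = {
        "q=dkk, old verifier": ("dkk", old, dkk_only),
        "q=dkk, new verifier": ("dkk", new, dkk_only),
        "q=dkk,txt, old verifier": ("dkk,txt", old, both),
        "q=dkk,txt, new verifier": ("dkk,txt", new, both),
        "q=txt, new verifier": ("txt", new, txt_only),
        # Without a q= hint a DKK-capable verifier tries dkk, then txt.
        "no hint, TXT-only signer": ("dkk,txt", new, txt_only),
    }
    return {name: fetch_key(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, (key, queries) in transition_matrix().items():
        status = "found" if key else "MISSING"
        print(f"{name:26} key={status:8} queries={queries}")
```

The only row where the key is missing is `q=dkk` against a TXT-only verifier, and the only row with a wasted query is the TXT-only signer with no `q=` hint.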
