Michael Thomas wrote:
For larger business and maybe ISP's even, our anecdotal experience at
Cisco is
that our messaging and DNS folks don't have mich to do with one
another (changing
mx records is not a ordinary event). Thus to achieve key rollover,
you'd need
to create linkages between the groups and their software that didn't
exist before.
Which is to say, a very slow process for the motivated, and a
non-process for
the unmotivated. Maybe SPF has helped here, but I doubt it.
This is true, but that's part of the benefit of putting the keys in the
_domainkey subdomain: it makes it possible, at least, for the messaging
folks to bug the DNS folks once for an NS delegation and then manage the
rest themselves. Assuming the DNS folks will actually give them the NS
delegation, of course. And our anecdotal experience at Cisco is that
they will.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html