ietf-dkim

Re: [ietf-dkim] CNAME's

2006-07-05 19:11:47
Consolidation of multiple domains to a single key record.  Useful when
contracting out signing, wouldn't you think?

Maybe.  Adding a CNAME is no easier than adding a TXT record.  A
difference is that if you have many CNAMEs pointing to one place for
the TXT, you can change what's at the place once and it changes
everywhere else.

Strongly agreed - an ISP that supports millions of hosting domains, for 
instance, will see an administrative barrier to using DKIM without
CNAME's, at least to get started.

Again, seems to me that to get started adding a TXT and adding a CNAME
are the same amount of effort.

There are two general scenarios where CNAMEs are useful.  One is when
you are changing the name of a domain, and use a CNAME to alias the
old domain tree to the new one for a transition period.  The other,
more interesting, one is when the zone with the CNAME and the zone of
its target are under different management.  For contracting out, a
CNAME could be quite useful to point your _domainkey subdomain at
someone else's nameserver so that someone else can do all the key
management.  This applies even if every CNAME points to a different
place -- the goal is to give the owner of the target of the CNAME the
ability to change what's there without letting them mess with the rest
of your zone.

Note that all of this is well known in the DNS community.  We're just
applying existing tools to our slightly unusual DNS application.

R's,
John

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
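
An added example, not part of the original message: a small audit that follows the CNAME from each domain's selector name under _domainkey and reports whose DNS actually holds the key. The zone data, domain names, selector, key strings and hop limit are constructed for illustration, and "outside the domain" is approximated by a name-suffix check rather than by real zone cuts.

```python
# Constructed sample DNS data: two customer domains alias their DKIM selector
# to one record run by a hypothetical signer; one domain hosts its own key.
RECORDS = {
    "s1._domainkey.customer-a.example.": ("CNAME", "s1.keys.signer.example."),
    "s1._domainkey.customer-b.example.": ("CNAME", "s1.keys.signer.example."),
    "s1._domainkey.selfhosted.example.": ("TXT", "v=DKIM1; k=rsa; p=SELFKEY"),
    "s1.keys.signer.example.": ("TXT", "v=DKIM1; k=rsa; p=SIGNERKEY1"),
    "loop._domainkey.customer-a.example.":
        ("CNAME", "loop._domainkey.customer-a.example."),
}

MAX_CHAIN = 8  # assumed cap on alias hops, so a CNAME loop terminates


def resolve_key(selector, domain, records=RECORDS):
    """Follow CNAMEs from <selector>._domainkey.<domain> to the TXT key record.

    Returns (owner_name, txt, delegated); delegated is True when the name
    that finally holds the key lies outside the signing domain.
    """
    name = f"{selector}._domainkey.{domain}.".lower()
    domain_suffix = "." + domain.lower() + "."
    for _ in range(MAX_CHAIN):
        rtype, value = records.get(name, (None, None))
        if rtype == "TXT":
            return name, value, not name.endswith(domain_suffix)
        if rtype != "CNAME":
            raise LookupError(f"no key record at {name}")
        name = value.lower()  # alias: continue at the target name
    raise LookupError("CNAME chain too long or looping")


def audit(domains, selector, records=RECORDS):
    """Map each domain to ('local' | 'delegated' | 'error', detail)."""
    report = {}
    for d in domains:
        try:
            owner, _txt, delegated = resolve_key(selector, d, records)
            report[d] = ("delegated" if delegated else "local", owner)
        except LookupError as exc:
            report[d] = ("error", str(exc))
    return report


if __name__ == "__main__":
    doms = ["customer-a.example", "customer-b.example", "selfhosted.example"]
    for dom, result in audit(doms, "s1").items():
        print(dom, result)
```

Every domain reported as delegated trusts the owner of the target name to publish and rotate its signing key, which is the property the message describes.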