John Levine wrote:
> A difference is that if you have many CNAMEs pointing to one place for
> the TXT, you can change what's at the place once and it changes
> everywhere else.

That is the main administration issue that CNAMEs simplify that I meant
to confer, yes. It could be a big deal for service providers, having
the changes in one place for domains that don't opt in for custom keys.
While the effort to put in TXT records and CNAMEs may be seemingly the
same, the subsequent management is what I'm concerned with - and it is
hard for me to put something into place if I can't find a way to manage it.

> The other, more interesting, one is when the zone with the CNAME and
> the zone of its target are under different management. For contracting
> out, a CNAME could be quite useful to point your _domainkey subdomain at
> someone else's nameserver so that someone else can do all the key
> management.

More interesting, yes, but I think that management of the keys, even
within an organization like a hosting ISP that has control of DNS, is
still an issue to be dealt with, given the number of domains/entries
involved, and that CNAMEs do offer a viable management point today.

Thanks,
David
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
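
The management point discussed in this thread, as an added example that is not part of the original messages: an offline audit over a constructed record set, showing that one change to the shared TXT reaches every customer name that CNAMEs to it, while a custom key is untouched and a CNAME whose target has no TXT is flagged. All domain names, the selector sel1 and the key strings are constructed placeholders, and the hop limit is an assumption.

```python
# Added example: in-memory model of _domainkey records (no network access).
MAX_CHAIN = 8  # assumed cap on CNAME hops, guards against loops
PROVIDER_KEY = "sel1._domainkey.provider.example."  # hypothetical shared record


def make_zone():
    """Constructed sample records: (owner name, type) -> data."""
    return {
        (PROVIDER_KEY, "TXT"): "v=DKIM1; k=rsa; p=OLDKEY_PLACEHOLDER",
        ("sel1._domainkey.alpha.example.", "CNAME"): PROVIDER_KEY,
        ("sel1._domainkey.beta.example.", "CNAME"): PROVIDER_KEY,
        # gamma opted in for a custom key, so it carries its own TXT
        ("sel1._domainkey.gamma.example.", "TXT"): "v=DKIM1; k=rsa; p=GAMMAKEY_PLACEHOLDER",
        # delta points at a name that publishes no TXT: dangling delegation
        ("sel1._domainkey.delta.example.", "CNAME"): "sel1._domainkey.gone.example.",
    }


def resolve_key(zone, name):
    """Follow CNAMEs from name; return (final owner name, TXT data or None)."""
    seen = set()
    for _ in range(MAX_CHAIN):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        if (name, "TXT") in zone:
            return name, zone[(name, "TXT")]
        target = zone.get((name, "CNAME"))
        if target is None:
            return name, None
        name = target
    raise ValueError("CNAME chain too long")


def audit(zone, domains, selector="sel1"):
    """Classify each domain's key record as custom, delegated or dangling."""
    report = {}
    for domain in domains:
        owner = f"{selector}._domainkey.{domain}."
        final, txt = resolve_key(zone, owner)
        if txt is None:
            status = "dangling"
        elif final == owner:
            status = "custom"
        else:
            status = "delegated"
        report[domain] = (status, final, txt)
    return report
```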