ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] base-04 //inverting key t= 's'ub-domain flag

2006-07-19 15:46:37
Douglas Otis wrote:


On Jul 19, 2006, at 1:40 PM, Michael Thomas wrote:

-1

First of all this would break backward compatibility with the existing DK records. Second, I don't see what the problem is with the current sense: if you don't like subdomains, by all means set t=s. And I can tell you from first hand experience as somebody who has deployed this: the subdomain signing feature is definitely being used, so the comment on draft standard does not apply.


Inverting the meaning of the "s" flag is compatible with a DomainKeys record, as the DomainKeys signature does not include a separate signing identity nor an "s" flag.

Note I said "backward compatible"; this proposal is not. A DK record deployed now signs for all of its subdomains. Your proposal would not only invalidate working implementations now, but it would require sites to go on a wild goose chase to figure out all of the hosts/subdomains are sending mail. For our situation, that would
make a feasible deployment an infeasible deployment overnight.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html