Douglas Otis wrote:
On Jul 19, 2006, at 1:40 PM, Michael Thomas wrote:
-1
First of all this would break backward compatibility with the
existing DK records. Second, I don't see what the problem is with
the current sense: if you don't like subdomains, by all means set
t=s. And I can tell you from first hand experience as somebody who
has deployed this: the subdomain signing feature is definitely being
used, so the comment on draft standard does not apply.
Inverting the meaning of the "s" flag is compatible with a DomainKeys
record, as the DomainKeys signature does not include a separate
signing identity nor an "s" flag.
Note I said "backward compatible"; this proposal is not. A DK record
deployed now
signs for all of its subdomains. Your proposal would not only invalidate
working
implementations now, but it would require sites to go on a wild goose
chase to
figure out all of the hosts/subdomains are sending mail. For our
situation, that would
make a feasible deployment an infeasible deployment overnight.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html