
Re: [ietf-dkim] Scalability concerns with Designated Signing Domains

2006-08-25 21:58:30


Stephen Farrell wrote:
> Yep. 120 names sounds horrible. But then so would be 120 delegatees
> of whatever flavour probably.
>
> But I at least have no clue as to how many domains would have so
> many delegatees, versus how many would not easily be able to use
> NS delegation or key based delegation. And I see different opinions
> on the list. That's why I find it hard to see how we can decide
> this well. (Though we will decide it well of course.)
I have yet to see concrete examples of domains that would not easily be
able to do NS delegation or key-based delegation.  There seems to be an
assumption that it's easier for some domains to publish TXT records than
it is for them to publish NS records, but I haven't seen anything to
support this.

There is also an underlying assumption that SSP will be published using
TXT records, which has not been decided.  I believe there are good
reasons for using a new RR for this, even though this might be yet
harder for some domains to publish at first.


>> Delegation of keys, either through publication of a selector that
>> includes a provider's public key or through delegation of a subdomain to
>> a provider, does not run into this problem.

> True. But 120 copies of the same public key is also bad, and 120 copies
> of the same private key is unthinkable (for a security type anyway:-).
> I don't personally know if 120 copies of the same key record in
> different bits of the DNS is bad, nor whether 120 key records for a
> single domain is very bad. Doesn't sound good though.
The 120 delegates using key delegation can easily have their own
distinct keys.  They just sign with different selectors.  Nobody is
proposing doing key delegation using the same key, AFAIK.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html