One of the major reasons I've been promoting the idea of the third party
authorized list/DSD is to allow smaller domains that do not have the ability
to do subdomain NS delegation to get the effective benefit of first party
signing. So, when I saw this:
On Saturday 26 August 2006 23:16, Wietse Venema wrote:
(*) This is possible even when the signer is in a different domain.
All they need is the private key that matches the public key
in the d= DNS record. That record can, but does not have to,
be CNAME delegated to the signer's DNS.
I was interested. Is a CNAME a reasonable alternative to the subdomain NS
delegation approach that's been described previously? I don't recall this
being mentioned before. It makes sense to me, but I certainly hadn't thought
of it. If this is viable, it changes, somewhat, my perspective on the
significance of the requirement that we've stopped discussing for now.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html