[ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation

One of the major reasons I've been promoting the idea of the third party 
authorized list/DSD is to allow smaller domains that do not have the ability 
to do subdomain NS delegation to get the effective benefit of first party 
signing.  So, when I saw this:

On Saturday 26 August 2006 23:16, Wietse Venema wrote:

(*) This is possible even when the signer is in a different domain.
    All they need is the private key that matches the public key
    in the d= DNS record. That record can, but does not have to,
    be CNAME delegated to the signer's DNS.


I was interested.  Is a CNAME a reasonable alternative to the subdomain NS 
delegation approach that's been described previously?  I don't recall this 
being mentioned before.  It makes sense to me, but I certainly hadn't thought 
of it.  If this is viable, it changes, somewhat, my perspective on the 
significance of the requirement that we've stopped discussing for now.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [ietf-dkim] Responsibility concerns with Designated Signing Domains, Dave Crocker

Next by Date:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Jim Fenton

Previous by Thread:

Re: [ietf-dkim] Re: Responsibility concerns with DesignatedSigningDomains, Hector Santos

Next by Thread:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Jim Fenton

Indexes:

[Date] [Thread] [Top] [All Lists]