Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delega

Scott Kitterman wrote:

On Monday 28 August 2006 16:58, Michael Thomas wrote:
This has been discussed before, and the answer is that it doesn't work very
well. You can't, for instance, CNAME an interior node -- just leaf
nodes. For
DKIM, the ability to roll selector names pretty much means you'd want to
manage
the subtree not just a leaf. I expect for any sort of scale and/or key
management on
the target of the CNAME, you'd end up with a lot of broken links.
Thanks,
But wouldn't Jim's suggestion of pre-creating extra CNAMES allow for keymanagement by the operator?
Keeping in mind that we are focused on small domains that don't have theability to do subdomain NS delegation, do you think that for small scale theapproach would be reasonably useful?

That assumes you know what the operator will name the new selectors -- that

seems a bit problematic in the large, but for some situations might beok. I didn't

even realize the Jim was using CNAME's for his selectors...

      Mike
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

RE: [ietf-dkim] Reputation trusted layers is out of scope, Hallam-Baker, Phillip

Next by Date:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Eric Allman

Previous by Thread:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Scott Kitterman

Next by Thread:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Wietse Venema

Indexes:

[Date] [Thread] [Top] [All Lists]