Scott Kitterman wrote:
Thanks,
But wouldn't Jim's suggestion of pre-creating extra CNAMEs allow for key
management by the operator?
Keeping in mind that we are focused on small domains that don't have the
ability to do subdomain NS delegation, do you think that for small scale the
approach would be reasonably useful?
Michael Thomas:
That assumes you know what the operator will name the new selectors -- that
seems a bit problematic in the large, but for some situations might be
ok. I didn't even realize that Jim was using CNAMEs for his selectors...
For long-term applications, the need to pre-create selector2006/2007/etc.
is an inconvenience. For short-term applications, however, a CNAME
may have more benefits. It allows a site to maintain control over what
names are delegated. With delegation of an entire DNS subtree there
is less control over the delegated name space.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
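
The two approaches compared in this thread, written out as a zone-file fragment. This is an added example, not taken from any of the messages; example.com (the small domain), mailop.example.net (a hypothetical outsourced mail operator), the target naming scheme and the key placeholder are all assumptions.

```dns
; Constructed example zone for the signing domain.
$ORIGIN example.com.
$TTL 3600

; Approach 1: pre-created CNAMEs, one per selector agreed with the operator.
; The operator publishes and rotates the key records at the CNAME targets,
; so key management sits with the operator, while example.com decides
; exactly which selector names exist under its own _domainkey.
selector2006._domainkey  IN CNAME  selector2006.example-com._domainkey.mailop.example.net.
selector2007._domainkey  IN CNAME  selector2007.example-com._domainkey.mailop.example.net.

; Limitation raised in the thread: a selector name the operator picks later
; (for instance selector2008) does not resolve until example.com adds
; another CNAME, so names must be agreed and created ahead of time.

; Approach 2: delegate a subtree with NS records (requires a DNS provider
; that supports subdomain delegation). Every selector name below the
; delegated label is then the operator's choice, not example.com's.
; mailop._domainkey      IN NS     ns1.mailop.example.net.
; mailop._domainkey      IN NS     ns2.mailop.example.net.

; In the operator's zone (mailop.example.net), the CNAME targets hold the keys:
; selector2006.example-com._domainkey IN TXT "v=DKIM1; k=rsa; p=<PUBLIC-KEY-PLACEHOLDER>"
```

Auditing the CNAME approach amounts to listing the records under `_domainkey` and confirming each target is one the domain owner intended to authorize.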