Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delega

Scott Kitterman wrote:

Thanks,

But wouldn't Jim's suggestion of pre-creating extra CNAMES allow for key 
management by the operator?

Keeping in mind that we are focused on small domains that don't have the 
ability to do subdomain NS delegation, do you think that for small scale the 
approach would be reasonably useful?


Michael Thomas:

That assumes you know what the operator will name the new selectors -- that
seems a bit problematic in the large, but for some situations might be 
ok. I didn't even realize the Jim was using CNAME's for his selectors...


For long-term applications, the need to pre-create selector2006/2007/etc.
is an inconvenience. For short-term applications, however, a CNAME
may have more benefits. It allows a site maintain control over what
names are delegated. With delegation of an entire DNS subtree there
is less control over the delegated name space.

        Wietse
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Eric Allman

Next by Date:

Re: [ietf-dkim] Reputation trusted layers is out of scope, Stephen Farrell

Previous by Thread:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Michael Thomas

Next by Thread:

Re: [ietf-dkim] New Thread: Use of CNAME in place of NS subdomain delegation, Wietse Venema

Indexes:

[Date] [Thread] [Top] [All Lists]