ietf-dkim

Re: tree walking (was - Re: [ietf-dkim] user level ssp)

2006-09-07 13:01:18

On Wed, 6 Sep 2006, Jim Fenton wrote:

> The tree-walking issue (separate from the user-level SSP issue) has
> concerned me too.  The allman-dkim-ssp-02 draft has it down to 2 queries
> -- much improved from the previous revision, in part because of the use
> of a separate RR.

Are you sure there is a limit? I distinctly remember a paragraph from
your draft that says that in case of NODATA the verifier needs to
walk down the tree until it reaches root.

Also, while I think a separate RR is the right way to go, I have to note
that since you already want to use TXT for the public key, you might
as well (ab)use it for these policy records too - otherwise you'd
cause a difference in adoption rates for those wanting to use
signatures and those who want to use policy, making using policy.
And personally I think the public key is the one that a lot more
belongs in a separate RR (binary CERT preferably), though
in reality you should just avoid putting large public key records
in DNS altogether, as it brings further abuse and problems for
caching name servers that can be avoided otherwise.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html