On Fri, 29 Sep 2006 10:17:36 +0100 Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
> So - on the jabber chat we almost established a rough consensus
> not to include designation at this point.
> If no-one else speaks up either way, I reckon that that's the
> only resolution, i.e. we drop designation.

I have been experimenting over the last few days with the use of CNAME
records as an alternative to NS delegation as suggested by Wietse Venema
and seconded by Jim Fenton. I agree that is a viable alternative and so I
withdraw my earlier assertion that this feature is needed to support
deployability. I am not aware of any DNS providers that do not support
CNAME.

IMO, this only leaves the question of where accountability for email should
lie. Today, accountability is primarily with the provider based on IP
address. The designated signer approach preserves this since messages will
be signed by the operator's domain. First-party signatures for the
author's domain applied by an administratively separate MTA change that
and push accountability to the author and away from the sender.

This is, of course, the social engineering conundrum that Wietse Venema
warned about a few weeks ago. Personally, I think the designated signing
approach is better aligned with current practice and has less social
engineering risk, so I think that the requirement should remain.

That said, my primary concern was the issue of deployability and I think
that's been adequately addressed without this requirement. I am mildly in
favor of keeping it, but don't feel strongly about it.

Scott K