RE: [ietf-dkim] Re: Last Call: 'DomainKeys Identified Mail (DKIM)Signatures' to Proposed Standard (draft-ietf-dkim-base)

2006-11-19 08:21:53

[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Cullen 
On Nov 14, 2006, at 11:03 AM, Paul Hoffman wrote:

At 4:17 PM +0100 11/14/06, Joe Abley wrote:
For the benefit of those who do not follow dnsext closely, what 
friction do you expect?

As Eric stated in his message, we should not rehash old arguments.
This has been beaten to death on the DKIM WG mailing list. As
expected, different people had different (and, in this case,
strongly-held) views, but consensus was reached and agreed to by the
AD and with the DNS folks.

To avoid repeating this debate, can someone post some summary 
information on this particularly including which exact people 
came to consensus about this. I'm particularly interested in 
if the consensus included the contributors to 
draft-iab-dns-choices since that has been raised in LC comments.

Choices sets out four possibilities for extending the use of the DNS and sets 
out pros and cons for each. 

The DKIM group has taken account of this information and has noted that since 
key records do not require wildcard capability the third option of prefix 
records is most appropriate since they provide all the functionality required 
and are compatible with the DNS infrastructure as deployed.

The use of a new DNS RR is being considered for policy records which do require 
wildcard capability.

It is somewhat unfortunate that the choices draft does not take a more 
realistic approach to deployment constraints. This has been raised on numerous 
occasions but the fact is that the best information we have available is the 
information presented during the MARID working group which indicated that at 
the time only 50% of the deployed DNS infrastructure does in fact support new 
RRs in a production mode (i.e. you can add the RR using the standard admin tool 
and the configuration will survive a reboot). Things may have changed since but 
the onus should be on those who claim the situation has changed to prove it.

In terms of consensus I don't think anyone would challenge the claim 'DKIM key 
records do not require prefixes'.

I believe that there is also universal consensus amongst those who have read 
choices and DKIM that the limitations of prefix records set out in the draft do 
not apply.

The only points on which there is disagreement are the question of the extent 
to which the deployed DNS infrastructure really supports new RRs and whether 
this would be a significant handicap in the case of DKIM deployment.

The first point is an empirical one, the second is subjective. We agree to 
