Steve Atkins wrote:
On Jun 16, 2009, at 2:35 PM, Michael Thomas wrote:
1) People saying that d= is THE IDENTIFIER are overloading the
value: d= a routing
label to a particular DNS subtree. Whether it has anything to do
with THE
IDENTIFIER is purely coincidental. The assumption that these two
functions are
identical is bogus. i= was supposed to be this stable value
detached from the
mechanical DNS routing function.
Are you confusing the d= value and the DNS node (including selectors and
suchlike) that the public key lives at?
No. d= is just the locater to that node.
The d= value has been the persistent identifier for the signer since
day one,
while the i= value is a more specific value that the signer can
optionally use.
No, it's the other way around. i= *always* has a value, even if it's
not present; it's not "optional" in the way you're using the word.
Given that the RHS of i= is either identical or a subdomain of d= it's
nonsensical
to consider i= more stable than d=, as i= must change if d= does.
I never said anything about "stability". I said that the two aren't
same. i= can be something like mojave.skunkworks.megacorp.com where
d= is just megacorp.com, because it's impossible at megacorp.com to
implement DNS subdomains. This isn't about stability, it's about having
identifiers that match the *mail identity* infrastructure that you'd
like to implement. That shouldn't be constrained by the accident of
routing to the selectors of whatever DNS infrastructure megacorp.com
is stuck with.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html