ietf-mailsig

Re: Anonymous signed mail

2004-08-30 15:58:28


On Aug 30, 2004, at 5:58 PM, Richard Shockey wrote:
> I believe this argument has already been decided and the IAB and IESG will not accept further specifications that are based on the use of the TXT RR, with the singular exception for MARID, for the well known reasons outlined in the San Diego meetings.

I hope this is true.

> Again, if the DNS is broken it's already WAY WAY broken, and indeed you are correct that the MARID specifications add several orders of magnitude to the problem ... but that said, I think the general sense of the DNS Ops and Ext community has been that enough is enough, and requirements for additional key material stored in the DNS itself must prove their case to a very very high level.

what about sshfp?

> Yes, and NAPTRs work ... the support is already in all the DNS reference models and resolvers.

NAPTRs are good. Another possibility is a new modifier (pointing to the place where the key material) in existing SPF records.

There are two benefits of putting the key material in DNS: 1) everybody is already running DNS, and 2) if it is small enough, it is lickety-split fast.

If it can't fit into a DNS packet, I actually favor an ESMTP extension for dialback use. This means no new DNS records of any type, no additional records, etc. I've talked to some email hosting providers that have a fairly big hill to climb around the administration of adding another record (its type doesn't matter). Their issue is that forward DNS is under the control of another entity, and just getting the MX to point to the right place is a headache.

-andy
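The "if it is small enough" and "if it can't fit into a DNS packet" remarks above turn on a concrete number: without EDNS(0) (RFC 6891), a DNS message over UDP is capped at 512 bytes by RFC 1035, and a TXT record carries its data as a chain of strings of at most 255 bytes each. The following Python script is an added illustration and not part of the original message or of any IETF work; it computes the wire size of a single-answer TXT response carrying a base64-encoded public key and reports whether it stays under the classic UDP limit. The record layout (`p=` followed by the base64 key), the query name `_key.example.com.`, and the zero-filled stand-ins for DER keys (294 bytes, the size of a 2048-bit RSA SubjectPublicKeyInfo, and 550 bytes for 4096-bit) are all constructed assumptions for the example.

```python
import base64

# RFC 1035: maximum DNS message size over UDP when EDNS(0) is not negotiated.
UDP_LIMIT = 512
# RFC 1035: each <character-string> inside TXT RDATA is at most 255 bytes.
TXT_CHUNK = 255


def encode_name(name: str) -> bytes:
    """Wire-encode a domain name as length-prefixed labels plus the root byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def txt_rdata(text: str) -> bytes:
    """Split TXT data into 255-byte <character-string>s, each with a length byte."""
    data = text.encode("ascii")
    out = b""
    for i in range(0, len(data), TXT_CHUNK):
        chunk = data[i:i + TXT_CHUNK]
        out += bytes([len(chunk)]) + chunk
    return out


def build_txt(key_der: bytes) -> str:
    """Hypothetical record layout (an assumption for this example): 'p=' + base64(DER)."""
    return "p=" + base64.b64encode(key_der).decode("ascii")


def response_size(qname: str, txt: str) -> int:
    """Bytes on the wire for a response with one question and one TXT answer."""
    header = 12                                   # RFC 1035 fixed header
    question = len(encode_name(qname)) + 2 + 2    # QNAME + QTYPE + QCLASS
    rdata = txt_rdata(txt)
    # Answer NAME is a 2-byte compression pointer to the question name,
    # followed by TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) RDATA.
    answer = 2 + 2 + 2 + 4 + 2 + len(rdata)
    return header + question + answer


def fits_in_udp(qname: str, txt: str) -> bool:
    """True if the whole response fits a classic 512-byte UDP DNS message."""
    return response_size(qname, txt) <= UDP_LIMIT


if __name__ == "__main__":
    # Constructed stand-ins: zero bytes of the length a real SPKI DER would have.
    for bits, der_len in ((2048, 294), (4096, 550)):
        txt = build_txt(bytes(der_len))
        size = response_size("_key.example.com.", txt)
        print(f"{bits}-bit RSA key: {size} bytes, "
              f"{'fits' if size <= UDP_LIMIT else 'exceeds'} {UDP_LIMIT}-byte UDP limit")
```

The 2048-bit stand-in comes to 442 bytes and fits; the 4096-bit stand-in needs 787 bytes, so a resolver that does not negotiate EDNS(0) would get a truncated reply and retry over TCP, which is exactly the latency cost that makes "lickety-split fast" stop being true. The script counts only one answer record; any additional RRs (for example, an authority or additional section) shrink the budget further.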

