ietf-mailsig

RE: revised Proposed Charter

2005-07-25 03:06:48

Earl Hood wrote on Monday, 25 July 2005 4:20 p.m.
For example, the "d=" tag can be described as:

  The identity of the signing agent.

  Within the DNS query method, this will be the domain name of the
  signing agent, which will be queried for retrieving the public
  signing key.  The domain provided MUST be the same as or a parent
  domain of the i= tag.

I think that the "i=" tag is more correctly described as the signing agent
and that the "d=" tag should be derived from the "i=" value. Perhaps "i="
should be REQUIRED, while "d=" is OPTIONAL (or is REQUIRED for DNS key
retrieval).


...  BTW, I see the "q=" tag as more
of a PKI implementation identifier vs a "query method".

A more fundamental question is whether the proposed charter is in conflict
with the "q=" tag.  The proposed charter states

        "Keys will be stored in the responsible identity's DNS hierarchy."

So why have a "q=" tag at all?

The existence of this tag automatically opens up DKIM to alternative key
storage/retrieval mechanisms.

I assume that any proposal to use a value (other than the default "q=dns")
will be able to specify how to retrieve the key, and what interpretation
should be placed on ancillary tags such as "d=" and "s=".  The
interpretations in such cases may be different from that specified in the
draft.

Perhaps the charter should be amended to reflect that alternative (to the
default DNS) key retrieval mechanisms may be defined through future working
group process.  This would be preferable to removing the "q=" tag from the
specification, as such action would severely restrict the ability to
flexibly develop the specification.

James
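As an added illustration of the two rules discussed in this thread (the quoted "d= MUST be the same as or a parent domain of the i= tag" constraint, and the observation that any q= value other than the default "q=dns" would need its own interpretation of d= and s="), here is a small verifier-side check. This is example code written for this page, not code from the thread or from any DKIM implementation; it assumes i= is mailbox-like with its domain after "@", that a missing i= defaults to "@" plus the d= value, and that the q= default is "dns" as the post states. The sample header is constructed and its b= value is a placeholder.

```python
import re

DEFAULT_QUERY = "dns"  # the draft's default for q=, which the post takes as given

# Constructed sample header; the b= value is a placeholder, not a real signature
SAMPLE = ("a=rsa-sha1; d=example.com; s=brisbane; i=user@sub.example.com; "
          "h=from:to; b=PLACEHOLDERSIG==")

def parse_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict (simple parser)."""
    tags = {}
    for item in header_value.split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")  # first '=' only; b= may contain '='
        if not sep:
            raise ValueError("malformed tag: %r" % item)
        tags[name.strip()] = re.sub(r"\s+", "", value)  # folded values lose whitespace
    return tags

def identity_domain(i_value):
    """Domain part of an i= identity, assumed to be mailbox-like: [local]@domain."""
    _, at, domain = i_value.rpartition("@")
    if not at or not domain:
        raise ValueError("i= has no domain part: %r" % i_value)
    return domain.lower().rstrip(".")

def is_same_or_parent(d_domain, i_domain):
    """True if d_domain equals i_domain or is an ancestor on a label boundary."""
    d = d_domain.lower().rstrip(".")
    i = i_domain.lower().rstrip(".")
    return i == d or i.endswith("." + d)

def check_signature(header_value):
    """Apply the quoted rule: d= MUST be the same as or a parent of the i= domain."""
    tags = parse_tags(header_value)
    if "d" not in tags or "s" not in tags:
        return False, "d= and s= are both needed for a DNS key lookup"
    query = tags.get("q", DEFAULT_QUERY)
    if query != DEFAULT_QUERY:
        # The post's point: a non-default q= needs its own spec for d= and s=
        return False, "no rules here for query method q=%s" % query
    # Assumption: an absent i= defaults to the bare domain of d= ("@" + d)
    i_domain = identity_domain(tags.get("i", "@" + tags["d"]))
    if not is_same_or_parent(tags["d"], i_domain):
        return False, "d=%s is not the same as or a parent of %s" % (tags["d"], i_domain)
    return True, "key lookup: selector %s under %s" % (tags["s"], tags["d"])
```

The label-boundary test matters: "ample.com" must not be accepted as a parent of "example.com" just because it is a string suffix.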
