"Bob Atkinson" <bobatk(_at_)exchange(_dot_)microsoft(_dot_)com> wrote:
I can tell you that, having worked on Caller ID for more than a year and
a half, and having had it basically stable since a year ago, I
continually and routinely keep coming across valuable new things that
people will want to say about these sorts of policies.
I understand, and I think that's a good idea. Once a policy system
exists, people will use it for all sorts of things beyond the original
scope.
The ones that we can think of before we spec-freeze we can build in. The
other ones need a robust extensibility mechanism for.
Does that extensibility have to exist in DNS records? I think
that's the point of contention, here. Hadmu was flamed mercilessly
for proposing to put policy records somewhere else, as they were too
large to be "proper" for DNS.
Will this be another case of people flaming Hadmut for 6 months
about his idea, and then implementing their own take on it?
If the policy records are going to be huge, and can't go in DNS,
then they can go off-line (WWW, as Hadmut suggested), or in-line &
signed. DNS can then be used to distribute small records, and also
the signing keys and/or certificates. That makes more sense to me.
Alan DeKok.