Some compelling reasons for a single DNS record which does not specify
algorithm scope:
1. It allows all algorithms to play equally.
2. If we do not reach consensus, Microsoft might just go create their own
non-interoperable (with other algorithms, technically or legally) standard for
DNS records.
3. The hardest thing to get done, undone (if we choose wrong or act too late),
and maintained is the publishing of the DNS records on a wide scale. We had
better not get the DNS record wrong, be too late to be relevant, proliferate
fragmentation, or exclude parties which can promote it to success.
4. The anti-forgery algorithms we are considering now may ultimately have the
least relevance in the end game of anti-spam. For example, I expect the PASS
case to be much more important to a viable anti-spam algorithm than the other
result cases. Thus in the anti-spam algorithms I envision, the more algorithms
that can generate a PASS case, the better the final performance.
5. If we design a DNS record that can interoperate with known algorithm proposals,
then it will have a better chance of interoperating with all algorithms than if
we design separate records that go off in proprietary directions.
6. Simplicity breeds success. Other engineers know this as "KISS" (Keep It
Simple, Stupid). Also known as the 80/20 rule.
7. We cannot force an algorithm in reality (because we haven't provided a 100%
solution with the proposed algorithms), thus #5 is needed.
8. Waiting until we have an "end all" algorithm means we may be too late. There
are important cases that can be solved today with the currently proposed
algorithms.
I could probably think of more. Can anyone think of compelling reasons to
convince ourselves we can force an algorithm on the DNS record (even though IMO
we cannot in reality)?
-Shelby Moore