[ietf-dkim] domainkeys for other protocolls/applications
MarkD+dkim at yahoo-inc.com
Wed Dec 7 10:48:14 PST 2005
> As you point out, there are a few different ways that signing policy can
> handle services. You can make the service name a "selector", or use a
> tag similar to s= in the policy record. The latter doesn't scale as
> well to large numbers of services, but the SSP records are short to
> begin with, and I can't think of enough services to run out of UDP-space
> for the policy.
For a new service that always signs and discards unauthenticated
traffic, policy could be embedded in each selector. A global policy,
with a well-defined namespace is only needed if unauthenticated
traffic is possibly acceptable.
More information about the ietf-dkim