[ietf-dkim] CNAME's
David Mayne
dmayne at corp.earthlink.net
Wed Jul 5 19:51:57 PDT 2006
John Levine wrote:
>
> A
> difference is that if you have many CNAMEs pointing to one place for
> the TXT, you can change what's at the place once and it changes
> everywhere else.
>
That is the main administration issue that CNAME's simplify that I meant
to confer, yes. It could be a big deal for service providers, having
the changes in one place for domains that don't opt in for custom keys.
While the effort to put in TXT records and CNAMES may be seemingly the
same, the subsequent management is what I'm concerned with - and it is
hard for me to put something into place if I can't find a way to manage it.
> The other,
> more interesting, one is when the zone with the CNAME and the zone of
> its target are under different management. For contracting out, a
> CNAME could be quite useful to point your _domainkey subdomain at
> someone else's nameserver so that someone else can do all the key
> management.
More interesting, yes, but I think that management of the keys, even
within an organization like a hosting ISP that has control of DNS, is
still an issue to be dealt with, given the number of domains/entries
involved, and that CNAME's do offer a viable management point today.
Thanks,
David
More information about the ietf-dkim
mailing list