[ietf-dkim] Delegating responsibility: a make vs. buy design
fenton at cisco.com
Fri Aug 25 09:36:03 PDT 2006
Stephen Farrell wrote:
> Where the delagatee supplies a public key to the delegator then its
> quite likely that that public key will never get updated. That's a bad
But that's not the only form of delegation provided by -base. It's also
possible for the delegator to publish NS records pointing
_domainkey.delegator.org at name servers managed by the delegatee, and
allowing the delegatee to publish (and update) key records there. It's
also possible for the delegator to have multiple delegatees, by
publishing NS records for subdomains of the _domainkey domain to
multiple delegatees (which would then use dotted selector names).
The objection to this in favor of Delegated Signing Domains is that
delegators may not have the tools to publish NS records for subdomains.
More information about the ietf-dkim