[ietf-dkim] New Thread: Use of CNAME in place of NS subdomain
ietf-dkim at kitterman.com
Mon Aug 28 14:05:42 PDT 2006
On Monday 28 August 2006 16:58, Michael Thomas wrote:
> This has been discussed before, and the answer is that it doesn't work very
> well. You can't, for instance, CNAME an interior node -- just leaf
> nodes. For
> DKIM, the ability to roll selector names pretty much means you'd want to
> the subtree not just a leaf. I expect for any sort of scale and/or key
> management on
> the target of the CNAME, you'd end up with a lot of broken links.
But wouldn't Jim's suggestion of pre-creating extra CNAMES allow for key
management by the operator?
Keeping in mind that we are focused on small domains that don't have the
ability to do subdomain NS delegation, do you think that for small scale the
approach would be reasonably useful?
More information about the ietf-dkim