[ietf-dkim] (registered) domain name (Re: errata revision: opaque)

[Dave CROCKER]

John Levine wrote:
> One of us should send in a separate technical erratum saying that DKIM
> key records SHOULD be published only for SDID domains that have
> corresponding MX or A records and can receive mail.


I believe your later posting on this retracted the suggestion, but this issue 
strike me as one that is very easy (and common) to misunderstand. So it's worth 
emphasizing.  Might be worth adding tidbits to the Deployment draft?

The d= domain name is permitted to have /no relationship/ to any mail-sending or 
mail-receiving domain name.  Hence, no A, MX, or possibly /any(!)/ DNS resource 
records for the name.

There might prove to be some benefits in choosing to have the d= name match the 
name used for other purposes, but the design of DKIM does not require it and 
it's essential that signers retain the choice.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net