[ietf-dkim] Modified Introduction text for rfc4871-errata (resend)
Michael Thomas
mike at mtcc.com
Tue Jun 16 16:13:33 PDT 2009
Steve Atkins wrote:
> On Jun 16, 2009, at 2:35 PM, Michael Thomas wrote:
>>
>> 1) People saying that d= is THE IDENTIFIER are overloading the
>> value: d= a routing
>> label to a particular DNS subtree. Whether it has anything to do
>> with THE
>> IDENTIFIER is purely coincidental. The assumption that these two
>> functions are
>> identical is bogus. i= was supposed to be this stable value
>> detached from the
>> mechanical DNS routing function.
>
> Are you confusing the d= value and the DNS node (including selectors and
> suchlike) that the public key lives at?
No. d= is just the locater to that node.
> The d= value has been the persistent identifier for the signer since
> day one,
> while the i= value is a more specific value that the signer can
> optionally use.
No, it's the other way around. i= *always* has a value, even if it's
not present; it's not "optional" in the way you're using the word.
> Given that the RHS of i= is either identical or a subdomain of d= it's
> nonsensical
> to consider i= more stable than d=, as i= must change if d= does.
I never said anything about "stability". I said that the two aren't
same. i= can be something like mojave.skunkworks.megacorp.com where
d= is just megacorp.com, because it's impossible at megacorp.com to
implement DNS subdomains. This isn't about stability, it's about having
identifiers that match the *mail identity* infrastructure that you'd
like to implement. That shouldn't be constrained by the accident of
routing to the selectors of whatever DNS infrastructure megacorp.com
is stuck with.
Mike
More information about the ietf-dkim
mailing list