[ietf-dkim] Proposal: Removal of AUID (i= tag/value)
bmcdowell at paypal-inc.com
Mon Apr 4 08:45:24 PDT 2011
I believe the context for your earlier comments that I responded to was the discussion about deprecating i= and/or adding a new st= tag. I hope my comments were not interpreted as supporting either of those changes. That was not my intention.
On Apr 4, 2011, at 10:47 AM, John R. Levine wrote:
> I think it would be a fine idea to come up with tools to help maintain the
> necessary DNS records.
Agreed. But probably out-of-scope for this WG, yes? MAAWG, OTA, BITS, APWG, etc. seem like better fora for this kind of deployment support.
> In the small scale at least, I can report that
> it's very simple and my monthly DKIM key rotation is completely automated.
> Large organizations have larger issues,
Indeed, and those differences are not to be underestimated. I've been surprised to hear from other deployers just how hard this for them to operationalize at scale. These are folks who generally don't participate in IETF so we don't see a lot of first-hand reports on this mail list (at least I haven't).
> but the right thing to do is to
> help to deal with the problem.
... and the root cause of the problem, which just might be a missed opportunity to optimize something in the spec itself.
I was only chiming in for the sake of keeping our tone open to specification changes based on real world deployment challenges (at least for the remaining duration of this WG). But here's where I agree with John: we haven't seen any deployment challenges documented in an actionable way that would suggest specification changes. There's a lot of anecdotal evidence (like what I share above ;-) but not much actionable detail.
More information about the ietf-dkim