On 26 nov 2014, at 02:04, Viktor Dukhovni <[email protected]> wrote:
> * REQ-2 seems to suggest DNAME in a context where I would generally
> expect CNAME (linking one leaf record to another). DNAMEs would
> far more likely be used when all users have addresses in each of
> two or more equivalent domains.
Why? The following example makes sense for aliasing:
_smimecert.example.com. IN DNAME _smimecert.example.net.
> * REQ-7 is I think too concise. What is it about?
I believe something like this:
_smimecert.example.com. IN DNAME _smimecert.example.com.provider.net.
> * REQ-8 feels wrong. It is turtles all the way down,
> the merging enterprise's applications may be using some other
> protocol. The protocol cannot encompass all competing protocols.
> Applications may need to support multiple protocols, and perhaps
> a meta protocol (obligatory xkcd reference anyone) could be used
> to signal which one to apply to which user. However it may simply
> be better for a new protocol to keep things simple and aim to
> displace rather than entrench legacy options.
I agree. For me, this feels like optimizing for the publish side (of which
there are few) instead of optimizing for the client (of which there are many).
Also, this adds complexity. I can see that it would be easier for an enterprise
to say *._smimecert.example.com. IN SMIMEA go-see-ldap, but if one can put one
SMIMEA RR in the DNS, one can easily loop through that LDAP thing and publish
all the certs. I'd like to optimize for simplicity in this case.
jakob
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
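
Added example, not part of the original message or of any DANE draft: how a resolver rewrites a name below each of the two DNAME records quoted in the reply, using RFC 6672 name substitution. The query label is a constructed placeholder and the function names are illustrative; the example also covers the 255-octet name limit, which the longer REQ-7 style target reaches sooner.

```python
MAX_NAME_OCTETS = 255  # wire-format limit on a domain name (RFC 1035)

# The two records from the message, as (owner, target) pairs.
REQ2 = ("_smimecert.example.com.", "_smimecert.example.net.")
REQ7 = ("_smimecert.example.com.", "_smimecert.example.com.provider.net.")


def labels(name):
    """Split a presentation-format name into lower-cased labels."""
    return [part.lower() for part in name.rstrip(".").split(".") if part]


def wire_length(lbls):
    """Octets on the wire: one length byte per label, plus the root byte."""
    return sum(len(l) + 1 for l in lbls) + 1


def dname_substitute(qname, owner, target):
    """Return the rewritten name, or None if the DNAME does not apply.

    Raises ValueError where a server would answer YXDOMAIN (name too long).
    """
    q, o, t = labels(qname), labels(owner), labels(target)
    split = len(q) - len(o)
    # A DNAME redirects only names strictly below its owner, never the
    # owner name itself (unlike a CNAME, which aliases a single name).
    if split <= 0 or q[split:] != o:
        return None
    new = q[:split] + t
    if wire_length(new) > MAX_NAME_OCTETS:
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new) + "."


if __name__ == "__main__":
    # Constructed query name; a real owner label is derived from the
    # mailbox local-part as the SMIMEA specification defines.
    qname = "user-label-placeholder._smimecert.example.com."
    for owner, target in (REQ2, REQ7):
        print(owner, "->", dname_substitute(qname, owner, target))
```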