I can see how two different sysadmins administer the _openpgpkey and
the _smimecert zones possibly even running on different nameservers.
Like the smime one on Microsoft and the openpgp one on Linux.

But we've gotten along with A and MX records at the same name for 30 years. By this logic, every new RR type should have its own name prefix, just in case someone might want to manage it differently. I hope we agree that's ridiculous. There's no special processing for OPENPGPKEY or SMIMEA records, so there's no reason they would be handled differently by name servers.

If someone wants to manage OPENPGPKEY and SMIMEA records separately, why should the answer be any different than if they want to manage A and MX records separately? Do it in your provisioning system, don't put extra noise in the DNS.

ps. Don't tell me you want to start running ANY queries against
  <hash>._mailbox.domain :)

Naah, my qmail is patched.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane