> On Mar 13, 2015, at 11:23 AM, John Levine <[email protected]> wrote:
>
> I see that in dane-openpgpkey, the name on the record is
>
> <hash>._openpgpkey.domain
>
> and in dane-smime, the name is:
>
> <hash>._smimecert.domain
>
> These are two different names for the same mailbox. Since they use
> the same hash, wouldn't it be a better idea for both of them and any
> future RRs that use hashed mailboxes to use the same name?
>
> <hash>._mailbox.domain

This could go either way. If the WG thinks that the user, or someone responsible for the user, will add and change DNS records for that user, your proposal would clearly be better because you could delegate the user to a new subzone. On the other hand, if the WG thinks that the security admin will be the one adding and changing records for a particular type of mail security, then the design we are using now is better. I lean towards the second, but can see the merit of the first now that people are thinking of using this for things other than just mail security.

--Paul Hoffman

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
