On Mon, 20 Jul 2015, James Cloos wrote:

> They should be at the same place even though multiple lookups are likely
> to be required anyway -- not everything will fully support an ANY query.
> And I renew my (previously ignored) suggestion that they, along with
> tlsa records for client certs where the cn or other lookup -- such as
> a sip url or the like -- has an @ in it -- be under _at.

The use of -at. is only when you would run an ANY query. As we have seen
with qmail, using ANY queries for real data, as opposed to diagnosing
DNS, is fraught with peril. I would not want to support the use of ANY
queries, even though I see its appeal to run a single ANY query on a
single user to get all their personal information. Sending a few queries
at once in parallel is not really much slower, and I don't think any of
these personal DNS properties discovery would be that sensitive to latency.

> Similarly, the function mapping the local part to a dns element also
> should be the same for every record type. Whatever that function should be.

I guess you are suggesting everyone gets their own delegation at
base32/split._at.domain.com to put all their personal information in?
I could see some use for that, but I would say let's first see how well
OPENPGPKEY and SMIME do, and then see about creating something like this
in the future.
Paul