new signatures), I myself only copped on that this could be of some use where the primary has DNSSEC but where the secondary doesn't, which is maybe interesting.
In that case, the primary can just publish pointers to the secondaries, and we're done.
The DKIM-like signatures have an odd model where the primary has enough control over its DNS to publish the validation key, and enough to give the secondaries signed records for their names they can publish that point back to that key, but not enough just to publish the secondaries' names directly. I don't get it.
Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
