>> Consolidation of multiple domains to a single key record. Useful when >> contracting out signing, wouldn't you think?
Maybe. Adding a CNAME is no easier than adding a TXT record. A difference is that if you have many CNAMEs pointing to one place for the TXT, you can change what's at the place once and it changes everywhere else. >Strongly agreed - an ISP that supports millions of hosting domains, for >instance, will see a administrative barrier to using DKIM without >CNAME's, at least to get started. Again, seems to me that to get started adding a TXT and adding a CNAME are the same amount of effort. There are two general scenarios where CNAMEs are useful. One is when you are changing the name of a domain, and use a CNAME to alias the old domain tree to the new one for a transition period. The other, more interesting, one is when the zone with the CNAME and the zone of its target are under different management. For contracting out, a CNAME could be quite useful to point your _domainkey subdomain at someone else's nameserver so that someone else can do all the key management. This applies even if every CNAME points to a different place -- the goal is to give the owner of the target of the CNAME the ability to change what's there without letting them mess with the rest of your zone. Note that all of this is well known in the DNS community. We're just applying existing tools to our slightly unusual DNS application. R's, John _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
